Windows Analysis Report
Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe

Overview

General Information

Sample name: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
renamed because original name is a hash value
Original sample name: Dowody potwierdzajce naruszenie praw wasnoci CDN 21.10.exe
Analysis ID: 1538456
MD5: 4864a55cff27f686023456a22371e790
SHA1: 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256: 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

Detection

Score: 9
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeStatic PE information: certificate valid
Source: Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-no-MuPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-1.5.3.0.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: libmupdf.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_0049668D _wcspbrk,__getdrive,FindFirstFileW,_wcspbrk,__wfullpath_helper,_wcslen,_IsRootUNCName,GetDriveTypeW,___loctotime64_t,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,0_2_0049668D
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_0054A8F0 _wcscpy,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_wcscpy,_wcscpy,_wcscpy,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,0_2_0054A8F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_00644A50 Concurrency::SchedulerPolicy::SchedulerPolicy,FindFirstFileW,FindNextFileW,FindClose,codecvt,0_2_00644A50
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_0062F200 FindFirstFileW,FindNextFileW,FindClose,0_2_0062F200
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00693520 CreateFileW,InternetOpenW,InternetOpenUrlW,InternetReadFile,WriteFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00693520
Source: global traffic HTTP traffic detected: GET /pdfversion.htm HTTP/1.1
    Accept: */*
    User-Agent: HDM
    Host: www.drm-x.com
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: www.drm-x.com
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://HDMHDMLoading...%s
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://blog.kowalczyk.infoKrzysztof
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://itexmac.sourceforge.net/SyncTeX.htmlJ
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://mupdf.comMuPDFpdf
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://p.yusukekamiyamane.com/Yusuke
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://william.famille-blum.org/William
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drm-x.com/
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drm-x.com/0E
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drm-x.com/C
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drm-x.com/pdfversion.htm
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030562916.00000000027D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drm-x.com/pdfversion.htmHH
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.flashvidz.tk/Zenonprogram
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.freetype.org/FreeTypefont
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.com
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.com/Contact.aspx
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspx
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.comSumatraPDF
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.winimage.com/zLibDll
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.winimage.com/zLibDllbad
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: http://www.zeniko.ch/#SumatraPDFSimon
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: https://www.globalsign.com/repository/0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: https://www.globalsign.com/repository/06
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_0060B1A0 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,lstrcpyW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0060B1A0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_00549A90: CreateFileW,DeviceIoControl,CloseHandle,0_2_00549A90
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: String function: 00637FA0 appears 31 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: String function: 00412DB0 appears 807 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: String function: 00594130 appears 56 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: String function: 00427270 appears 36 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: String function: 00497F54 appears 44 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: String function: 004060C0 appears 47 times
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000000.1792774025.00000000006C9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: 0has caused the Haihaisoft PDF Reader to exit. Please close all screen capture software and open the Haihaisoft PDF Reader again.\\VarFileInfo\TranslationOriginalFilename, , , , A:\B:\cccgoogledrivesync.exeaaa, Domain parse error 4./HaihaisoftWeb page content length is 0.ntdll.dllRtlGetNtVersionNumbersindivstr is empty!%s\Haihaisoft\XPDF\%s.lic%s\Haihaisoft\XPDF\V3.licindivstr2013 is empty!%s\Haihaisoft\XPDF\%s.licq1Ggw0sW0raah/rGgDOENvB7EvvftEWPYBEHVgshiJN3ce+NsnD4IzY=GetIndivStr failed. %s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b>q1Ggw0sW0raah/rGgDOENvB7EvvSvlyPYBEHVgshiJN3ce+NsnD4IzY=%s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b/>q1Ggw0sW0uacjfrJgHiUavkkB/jE9UvPfw5HBlxMndR4XemQ/3DiLmWBRkTJYQ==q1Ggw0sW0uacjfrJgHiUavU3A73dslvPdFUZAVV+xc1yZMCC5G3UN27dXVnLY9C5l7Xo..cnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopenhttp://www.haihaisoft.com/PDF_Reader_download.aspxopencng vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000000.1793020358.00000000009FC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamehpreader.exeL vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: classification engineClassification label: clean9.winEXE@1/0@2/1
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_0060AEC0 GetLastError,FormatMessageW,LocalFree,0_2_0060AEC0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_00548A50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_00548A50
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_006207D0 CreateToolhelp32Snapshot,GetCurrentProcessId,Thread32First,Thread32Next,CloseHandle,0_2_006207D0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_0063A190 CoCreateInstance,0_2_0063A190
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeCode function: 0_2_004767EF FindResourceW,LoadResource,FreeResource,0_2_004767EF
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe File created: C:\Users\user\AppData\Roaming\Haihaisoft PDF Reader
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: PdfVersion%d.%d Adobe Extension Level %d%d.%dRootPageLayoutRightTwoViewerPreferencesDirectionR2LRootBaseURITypeFilespecUFF\/EF.pdf%s:%d:%dSGoToRFF\/LaunchURLScrollToEFLaunchEmbeddedLaunchFileGoToRSDScrollToExScrollToExDLaunchEmbeddedFUFEFXYZFitRFitHFitBHFitFitVFitBFitBV%PDF.pdfhttp:https:mailto:<FixedPage<FixedPageFixedPageWidthHeightDeviceRGB%s#%s
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeString found in binary or memory: 0WarningVirtual printing was deniedPrinting problem.Cannot print this fileDevices%S,%S,%S,%SPrinting problem.Printer with given name doesn't existPrinting problem.Could not open PrinterPrinting problem.Could not obtain Printer propertiesPrinting problem.Couldn't initialize printerCPDFLoginDlg%I64uhttp://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?cid=%s&kid=%s&ci=%s&vid=%s&lt=%s&session=%sButtonOKButtonCancelres://Loading...3licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x2<TD></TD><TD></TD><TD></TD><TD></TD><TD></TD>&#13;&#10;%s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD><TD></TD><TD></TD>"== = =content=name=>%d,%d,%d,%d,%d,%d,%d,%d,Incorrect web page!PlayerVersionSettings&#13;&#10;%s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file Cannot get CSIDL_COMMON_APPDATAlicstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD></LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>Cannot write license file<LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>%s\Haihaisoft\XPDF\bad allocationSUMATRA_PDF_NOTIFICATION_WINDOWSUMATRA_PDF_NOTIFICATION_WINDOWbad allocation&OpenCtrl+O&CloseCtrl+W&Print...Ctrl+P-----Save S&hortcut...Ctrl+Shift+SOpen in &Adobe ReaderOpen in &Foxit ReaderOpen in PDF-XChangeSend by &E-mail...-----P&ropertiesCtrl+D-----E&xitCtrl+Q&Single PageCtrl+6&FacingCtrl+7&Book 
ViewCtrl+8Show &pages continuously-----Rotate &LeftCtrl+Shift+-Rotate &RightCtrl+Shift++-----Pr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar-----Select &AllCtrl+A&Copy SelectionCtrl+C&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right Arrow-----Fin&d...Ctrl+FFit &PageCtrl+0&Actual SizeCtrl+1Fit &WidthCtrl+2Fit &ContentCtrl+3Custom &Zoom...Ctrl+Y-----6400%3200%1600%800%400%200%150%125%100%50%25%12.5%8.33%Change Language&Options...Add to favoritesRemove from favoritesShow FavoritesVisit &Website&ManualCheck for &Updates-----&About&Copy SelectionCopy &Link AddressCopy Co&mment-----Select &All-----&Print...P&roperties&Open Document&Pin Document-----&Remove Document&%d) %s-----&File&View&Go To&ZoomF&avorites&Settings&Help&Print... (denied)&OpenCtrl+O&CloseCtrl+W-----E&xitCtrl+QPr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Sections loaded: apphelp.dll, wininet.dll, version.dll, msimg32.dll, oledlg.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, windowscodecs.dll, profapi.dll, propsys.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, sendmail.dll, iertutil.dll, sspicli.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, urlmon.dll, srvcli.dll, netutils.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exeWindow detected: Number of UI elements: 12
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: certificate valid
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static file information: File size 6365288 > 1048576
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_CURSOR
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_BITMAP
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_ICON
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_MENU
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_DIALOG
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_STRING
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_ACCELERATOR
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: section name: RT_GROUP_ICON
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c7a00
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2b5e00
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: More than 200 imports for KERNEL32.dll
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-no-MuPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-1.5.3.0.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: libmupdf.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_004AB925 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_004AB925
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00497E0C push ecx; ret 0_2_00497E1F
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00497F99 push ecx; ret 0_2_00497FAC
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00642830 DefWindowProcW,SetTimer,DefWindowProcW,IsIconic,DefWindowProcW,0_2_00642830
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00640C10 IsZoomed,IsIconic,0_2_00640C10
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00415630 IsIconic,0_2_00415630
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00639F30 IsZoomed,IsIconic,IsIconic,0_2_00639F30
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0061EF40 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0061EF40
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_006207D0 CreateToolhelp32Snapshot,GetCurrentProcessId,Thread32First,Thread32Next,CloseHandle,0_2_006207D0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | API coverage: 8.5 %
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0049668D _wcspbrk,__getdrive,FindFirstFileW,_wcspbrk,__wfullpath_helper,_wcslen,_IsRootUNCName,GetDriveTypeW,___loctotime64_t,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,0_2_0049668D
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0054A8F0 _wcscpy,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_wcscpy,_wcscpy,_wcscpy,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,0_2_0054A8F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00644A50 Concurrency::SchedulerPolicy::SchedulerPolicy,FindFirstFileW,FindNextFileW,FindClose,codecvt,0_2_00644A50
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0062F200 FindFirstFileW,FindNextFileW,FindClose,0_2_0062F200
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0061FC80 GetSystemInfo,GlobalMemoryStatusEx,0_2_0061FC80
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp, Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D98000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWg
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW$m
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | API call chain: ExitProcess graph end node graph_0-71164
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | API call chain: ExitProcess graph end node graph_0-70703
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00491A4F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00491A4F
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_006207D0 CreateToolhelp32Snapshot,GetCurrentProcessId,Thread32First,Thread32Next,CloseHandle,0_2_006207D0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_004AB925 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_004AB925
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_004B47D9 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_004B47D9
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00493699 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00493699
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00491A4F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00491A4F
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0048FA8E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0048FA8E
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00446200 cpuid 0_2_00446200
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,0_2_004A4AAF
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,0_2_004A5008
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: GetLocaleInfoA,0_2_004B42C3
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: GetLocaleInfoA,0_2_004B2A91
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_004A4F65
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_004A4FCC
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,0_2_0061F5F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: _calloc,GetLocaleInfoW,0_2_00619620
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Queries volume information: C:\Program Files (x86) VolumeInformation
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_00669090 std::_Iterator_base::_Iterator_base,Concurrency::details::ContextBase::GetWorkQueueIdentity,_DebugHeapAllocator,_DebugHeapAllocator,GetLocalTime,SystemTimeToFileTime,_DebugHeapAllocator,Sleep,MultiByteToWideChar,Concurrency::details::ContextBase::GetWorkQueueIdentity,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,ShellExecuteW,std::_Iterator_base::_Iterator_base,0_2_00669090
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_004AA2E5 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,0_2_004AA2E5
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | Code function: 0_2_0046F16D _memset,GetVersionExW,0_2_0046F16D
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Access Token Manipulation | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 2 Clipboard Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 34 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.winimage.com/zLibDll | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.drm-x.com.wswebpic.com | 163.171.156.15 | true | false | | unknown
www.drm-x.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.drm-x.com/pdfversion.htm | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
163.171.156.15 | www.drm-x.com.wswebpic.com | European Union | | 54994 | QUANTILNETWORKSUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1538456
Start date and time: 2024-10-21 10:35:38 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
                                                                      Sample name:Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
                                                                      renamed because original name is a hash value
                                                                      Original Sample Name:Dowody potwierdzajce naruszenie praw wasnoci CDN 21.10.exe
                                                                      Detection:CLEAN
                                                                      Classification:clean9.winEXE@1/0@2/1
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:Failed
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • VT rate limit hit for: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
                                                                      No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
163.171.156.15 | https://www.easeus.com/backup-recovery/refresh-windows-11.html | malicious | Unknown
163.171.156.15 | https://download2.easeus.com/installer_rss_new.php | malicious | Unknown
163.171.156.15 | https://www.czbfjt.com/video/139239.html | malicious | Unknown
                                                                            No context
                                                                            No context
                                                                            No context
                                                                            No created / dropped files found
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):6.974813635942095
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
                                                                            File size:6'365'288 bytes
                                                                            MD5:4864a55cff27f686023456a22371e790
                                                                            SHA1:6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
                                                                            SHA256:08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
                                                                            SHA512:4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
                                                                            SSDEEP:98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
                                                                            TLSH:DA56CE11A7419439F4E304B28A7DF2AEA968BF31071651C7A2CC3D9D9AB4AF23D31717
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........N..HN..HN..Hih.H\..HP.BHF..H..PHF..HG.SHu..HG.BH...HN..HQ..HG.EH...Hih.Hk..HN..H%..HG.OHw..HP.RHO..HG.WHO..HRichN..H.......
                                                                            Icon Hash:3272d68e92d6f213
                                                                            Entrypoint:0x48fa84
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:true
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x5A153724 [Wed Nov 22 08:36:52 2017 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:0
                                                                            File Version Major:5
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:6b2179c3562d13ffc88ec65e11e4495d
                                                                            Signature Valid:true
                                                                            Signature Issuer:CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
                                                                            Signature Validation Error:The operation completed successfully
                                                                            Error Number:0
Not Before:13/11/2017 16:48:11
Not After:13/02/2021 16:48:11
                                                                            Subject Chain
                                                                            • E=joseph@haihaisoft.com, CN=Haihaisoft Limited, O=Haihaisoft Limited, L=Hong Kong, S=Hong Kong, C=HK
                                                                            Version:3
                                                                            Thumbprint MD5:2D757C5C03EBFA847C0B1FF834BD4927
                                                                            Thumbprint SHA-1:0B7A2FE0EAD24F581342C9A5D0A80109383D3F7F
                                                                            Thumbprint SHA-256:2A509A4D7B56940F1E4D43D0D62F57BE6F2F59ECD73162AC9863CD0E27C1E287
                                                                            Serial:6AE185C29281E414EA620E1D
                                                                            Programming Language:
                                                                            • [ C ] VS2005 build 50727
                                                                            • [C++] VS2008 build 21022
                                                                            • [ASM] VS2008 SP1 build 30729
                                                                            • [C++] VS2008 SP1 build 30729
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [IMP] VS2005 build 50727
                                                                            • [RES] VS2008 build 21022
                                                                            • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x57ace4 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5fc000 | 0x2ea08 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x610400 | 0x1c68 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2c9d40 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x550e48 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2c9000 | 0xb98 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x57ac5c | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2c795c | 0x2c7a00 | b2f1ce23f4584edb4677acf4fffa98cc | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2c9000 | 0x2b5d1a | 0x2b5e00 | 20e056de60b1e7e3d8df6cd391a500e0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x57f000 | 0x7c05c | 0x63c00 | e41be4b9351bea0378e7d0777bcb86be | False | 0.2800115523182957 | data | 5.1983138540831515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x5fc000 | 0x2ea08 | 0x2ec00 | 6b617440f7640f6c28b906e5a3d07dd7 | False | 0.18612654578877005 | data | 4.773076953797002 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x5fd888 | 0x134 | data | Chinese | China | 0.29545454545454547
RT_CURSOR | 0x5fd9bc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805
RT_CURSOR | 0x5fdaf0 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7
RT_CURSOR | 0x5fdba4 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365
RT_CURSOR | 0x5fdcd8 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715
RT_CURSOR | 0x5fde0c | 0x134 | data | English | United States | 0.37337662337662336
RT_CURSOR | 0x5fdf40 | 0x134 | data | English | United States | 0.37662337662337664
RT_CURSOR | 0x5fe074 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x5fe1a8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664
RT_CURSOR | 0x5fe2dc | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x5fe410 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x5fe544 | 0x134 | data | English | United States | 0.44155844155844154
RT_CURSOR | 0x5fe678 | 0x134 | data | English | United States | 0.4155844155844156
RT_CURSOR | 0x5fe7ac | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922
RT_CURSOR | 0x5fe8e0 | 0x134 | data | English | United States | 0.2662337662337662
RT_CURSOR | 0x5fea14 | 0x134 | data | English | United States | 0.2824675324675325
RT_CURSOR | 0x5feb48 | 0x134 | data | English | United States | 0.3246753246753247
RT_BITMAP | 0x5fec7c | 0x2728 | Device independent bitmap graphic, 208 x 16 x 24, image size 0, resolution 3780 x 3780 px/m | Chinese | China | 0.3254189944134078
RT_BITMAP | 0x6013a4 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | Chinese | China | 0.7091584158415841
RT_BITMAP | 0x6016cc | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.24931192660550458
RT_BITMAP | 0x6027d4 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2509174311926605
RT_BITMAP | 0x6038dc | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.25045871559633026
RT_BITMAP | 0x6049e4 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.23876146788990826
RT_BITMAP | 0x605aec | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2408256880733945
RT_BITMAP | 0x606bf4 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.23990825688073394
RT_BITMAP | 0x607cfc | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.23509174311926606
RT_BITMAP | 0x608e04 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2371559633027523
RT_BITMAP | 0x609f0c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.23509174311926606
RT_BITMAP | 0x60b014 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.24885321100917432
RT_BITMAP | 0x60c11c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.25045871559633026
RT_BITMAP | 0x60d224 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2506880733944954
RT_BITMAP | 0x60e32c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2672018348623853
RT_BITMAP | 0x60f434 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.26559633027522933
RT_BITMAP | 0x61053c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2706422018348624
RT_BITMAP | 0x611644 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.24747706422018348
RT_BITMAP | 0x61274c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2543577981651376
RT_BITMAP | 0x613854 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2529816513761468
RT_BITMAP | 0x61495c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2467889908256881
RT_BITMAP | 0x615a64 | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.2536697247706422
RT_BITMAP | 0x616b6c | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.25321100917431194
RT_BITMAP | 0x617c74 | 0x110a | Device independent bitmap graphic, 36 x 40 x 24, image size 4322, resolution 2834 x 2834 px/m | Chinese | China | 0.1350298028427327
RT_BITMAP | 0x618d80 | 0x110a | Device independent bitmap graphic, 36 x 40 x 24, image size 4322, resolution 2834 x 2834 px/m | Chinese | China | 0.1350298028427327
RT_BITMAP | 0x619e8c | 0x110a | Device independent bitmap graphic, 36 x 40 x 24, image size 4322, resolution 2834 x 2834 px/m | Chinese | China | 0.14695093993580927
RT_BITMAP | 0x61af98 | 0x110a | Device independent bitmap graphic, 36 x 40 x 24, image size 4322, resolution 2834 x 2834 px/m | Chinese | China | 0.14763869784502523
RT_BITMAP | 0x61c0a4 | 0x110a | Device independent bitmap graphic, 36 x 40 x 24, image size 4322, resolution 2834 x 2834 px/m | Chinese | China | 0.14832645575424117
RT_BITMAP | 0x61d1b0 | 0x110a | Device independent bitmap graphic, 36 x 40 x 24, image size 4322, resolution 2834 x 2834 px/m | Chinese | China | 0.14786795048143053
RT_BITMAP | 0x61e2bc | 0x1108 | Device independent bitmap graphic, 36 x 40 x 24, image size 4320 | Chinese | China | 0.010091743119266056
RT_BITMAP | 0x61f3c4 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
RT_BITMAP | 0x61f47c | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
RT_ICON | 0x61f5c0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.30304878048780487
                                                                            RT_ICON0x61fc280x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.40456989247311825
                                                                            RT_ICON0x61ff100x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.5033783783783784
                                                                            RT_ICON0x6200380xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.4005863539445629
                                                                            RT_ICON0x620ee00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.4232851985559567
                                                                            RT_ICON0x6217880x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.35621387283236994
                                                                            RT_ICON0x621cf00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.32479253112033196
                                                                            RT_ICON0x6242980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.37922138836772984
                                                                            RT_ICON0x6253400x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.6108156028368794
                                                                            RT_MENU0x6257a80x9feMatlab v4 mat-file (little endian) O, numeric, rows 4587536, columns 7077993, imaginaryChineseChina0.46442533229085226
                                                                            RT_MENU0x6261a80x372dataChineseChina0.4671201814058957
                                                                            RT_DIALOG0x62651c0x3f8dataEnglishUnited States0.4271653543307087
                                                                            RT_DIALOG0x6269140x140dataChineseChina0.55
                                                                            RT_DIALOG0x626a540x1c0dataChineseChina0.515625
                                                                            RT_DIALOG0x626c140x102dataChineseChina0.624031007751938
                                                                            RT_DIALOG0x626d180xd0dBase III DBT, next free block index 4294901761EnglishUnited States0.6586538461538461
                                                                            RT_DIALOG0x626de80x132dataChineseChina0.5784313725490197
                                                                            RT_DIALOG0x626f1c0x500dataChineseChina0.43828125
                                                                            RT_DIALOG0x62741c0x198dataEnglishUnited States0.5563725490196079
                                                                            RT_DIALOG0x6275b40x10cdataEnglishUnited States0.5970149253731343
                                                                            RT_DIALOG0x6276c00x148dataEnglishUnited States0.5914634146341463
                                                                            RT_DIALOG0x6278080x76dataEnglishUnited States0.8135593220338984
                                                                            RT_DIALOG0x6278800x2acdataChineseChina0.43128654970760233
                                                                            RT_DIALOG0x627b2c0x254dataChineseChina0.45302013422818793
                                                                            RT_DIALOG0x627d800x6cdataEnglishUnited States0.7592592592592593
                                                                            RT_DIALOG0x627dec0x40dataEnglishUnited States0.8125
                                                                            RT_DIALOG0x627e2c0x6cdataEnglishUnited States0.7592592592592593
                                                                            RT_DIALOG0x627e980xe8dataEnglishUnited States0.6336206896551724
                                                                            RT_DIALOG0x627f800x34dataEnglishUnited States0.9038461538461539
                                                                            RT_STRING0x627fb40xcadataEnglishUnited States0.5792079207920792
                                                                            RT_STRING0x6280800x4adataEnglishUnited States0.6216216216216216
                                                                            RT_STRING0x6280cc0x54dataEnglishUnited States0.6071428571428571
                                                                            RT_STRING0x6281200x328dataEnglishUnited States0.34405940594059403
                                                                            RT_STRING0x6284480x70dataEnglishUnited States0.625
                                                                            RT_STRING0x6284b80x106dataEnglishUnited States0.5763358778625954
                                                                            RT_STRING0x6285c00xdadataEnglishUnited States0.43119266055045874
                                                                            RT_STRING0x62869c0x46dataEnglishUnited States0.7428571428571429
                                                                            RT_STRING0x6286e40xc6dataEnglishUnited States0.41919191919191917
                                                                            RT_STRING0x6287ac0x1f8dataEnglishUnited States0.36706349206349204
                                                                            RT_STRING0x6289a40x86dataEnglishUnited States0.6567164179104478
                                                                            RT_STRING0x628a2c0x82StarOffice Gallery theme p, 536899072 objects, 1st nEnglishUnited States0.7153846153846154
                                                                            RT_STRING0x628ab00x2adataEnglishUnited States0.5476190476190477
                                                                            RT_STRING0x628adc0x184dataEnglishUnited States0.48711340206185566
                                                                            RT_STRING0x628c600x4e6dataEnglishUnited States0.37719298245614036
                                                                            RT_STRING0x6291480x264dataEnglishUnited States0.3333333333333333
                                                                            RT_STRING0x6293ac0x2dadataEnglishUnited States0.3698630136986301
                                                                            RT_STRING0x6296880x8adataEnglishUnited States0.6594202898550725
                                                                            RT_STRING0x6297140xacdataEnglishUnited States0.45348837209302323
                                                                            RT_STRING0x6297c00xdedataEnglishUnited States0.536036036036036
                                                                            RT_STRING0x6298a00x4a8dataEnglishUnited States0.3221476510067114
                                                                            RT_STRING0x629d480x228dataEnglishUnited States0.4003623188405797
                                                                            RT_STRING0x629f700x2cdataEnglishUnited States0.5227272727272727
                                                                            RT_STRING0x629f9c0x42dataEnglishUnited States0.6060606060606061
                                                                            RT_ACCELERATOR0x629fe00x168dataEnglishUnited States0.5472222222222223
                                                                            RT_GROUP_CURSOR0x62a1480x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.25
                                                                            RT_GROUP_CURSOR0x62a15c0x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                            RT_GROUP_CURSOR0x62a1800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a1940x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a1a80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a1bc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a1d00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a1e40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a1f80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a20c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a2200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a2340x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a2480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a25c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a2700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x62a2840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_ICON0x62a2980x84dataEnglishUnited States0.6363636363636364
                                                                            RT_VERSION0x62a31c0x324dataEnglishUnited States0.43159203980099503
                                                                            RT_HTML0x62a6400x143HTML document, ASCII text, with CRLF line terminatorsChineseChina0.5913312693498453
                                                                            RT_MANIFEST0x62a7840x26eASCII text, with CRLF line terminatorsEnglishUnited States0.5176848874598071
                                                                            None0x62a9f40x12dataEnglishUnited States1.4444444444444444
DLL | Import
WININET.dll | HttpOpenRequestW, HttpQueryInfoW, InternetConnectW, FtpCommandA, FtpFindFirstFileA, HttpEndRequestW, InternetWriteFile, HttpSendRequestExA, InternetQueryOptionW, HttpSendRequestA, InternetGetCookieA, InternetGetLastResponseInfoW, InternetConnectA, HttpQueryInfoA, InternetGetLastResponseInfoA, InternetCloseHandle, InternetSetOptionW, InternetOpenA, InternetCreateUrlA, InternetCrackUrlA, InternetCanonicalizeUrlA, InternetReadFile, InternetOpenUrlW, HttpOpenRequestA, InternetOpenW
gdiplus.dll | GdipGetImageWidth, GdipInvertMatrix, GdipCloneImage, GdipDeleteMatrix, GdipSaveImageToFile, GdipTransformMatrixPoints, GdipCreateHBITMAPFromBitmap, GdipGetImageEncoders, GdipRotateMatrix, GdipDisposeImage, GdipGetImageEncodersSize, GdipTranslateMatrix, GdipDrawImageI, GdipGetImageVerticalResolution, GdipSetWorldTransform, GdipSetClipRectI, GdipCreateMatrix, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipScaleMatrix, GdipCloneBitmapAreaI, GdipGetImageHorizontalResolution, GdipCreateBitmapFromStreamICM, GdipFillEllipseI, GdipCreatePen1, GdipDrawLineI, GdipFillRectangleI, GdipSetCompositingQuality, GdipCreateFromHDC, GdipSetPageUnit, GdipAlloc, GdipCreateSolidFill, GdipSetSmoothingMode, GdipDeleteGraphics, GdipCloneBrush, GdipDeletePen, GdipFree, GdiplusShutdown, GdipDeleteBrush, GdipSetPenDashOffset, GdipSetPenLineJoin, GdipSetPixelOffsetMode, GdipCreatePath, GdipCloneFontFamily, GdipRestoreGraphics, GdipBitmapLockBits, GdipStringFormatGetGenericTypographic, GdipSetInterpolationMode, GdipGetCellAscent, GdipFillPath, GdipCreateFontFamilyFromName, GdipCreateRegion, GdipDeletePrivateFontCollection, GdipFillRectangle, GdipTranslateWorldTransform, GdipSetCompositingMode, GdipGetWorldTransform, GdipNewPrivateFontCollection, GdipDrawString, GdipCreateImageAttributes, GdipGetGenericFontFamilySansSerif, GdipClonePath, GdipDeleteRegion, GdipTransformPath, GdipGetClipBoundsI, GdipDeletePath, GdipCreateRegionPath, GdipCreateFont, GdipCreateMatrix2, GdipSaveGraphics, GdiplusStartup, GdipDisposeImageAttributes, GdipBitmapUnlockBits, GdipIsStyleAvailable, GdipSetClipRegion, GdipGetFontCollectionFamilyList, GdipCreatePath2, GdipSetImageAttributesColorMatrix, GdipDrawImageRectRectI, GdipGetEmHeight, GdipAddPathPath, GdipFillPolygon, GdipPrivateAddFontFile, GdipGetFamilyName, GdipDrawImagePointsRect, GdipSetTextRenderingHint, GdipSetPageScale, GdipDrawPath, GdipGetClip, GdipDeleteFont, GdipCreateBitmapFromScan0, GdipGetDpiY, GdipSetPenDashArray, GdipGetImageGraphicsContext, GdipDrawImageRectI, GdipGetFontCollectionFamilyCount, GdipGetMatrixElements, GdipTransformRegion, GdipCreateRegionRectI, GdipGetRegionBounds, GdipSetPenLineCap197819, GdipWidenPath, GdipCreatePen2, GdipDeleteFontFamily, GdipSetPenMiterLimit
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
KERNEL32.dll | WaitForMultipleObjects, QueryPerformanceCounter, SetThreadExecutionState, QueryPerformanceFrequency, GetSystemTime, GetTickCount, CreateFileA, GetFileSize, SetFilePointer, ReadFile, LocalFree, FormatMessageW, SetLastError, GetVersionExA, GetModuleHandleW, lstrcmpW, LoadLibraryA, CompareStringW, GlobalFindAtomW, FreeResource, GetModuleFileNameW, MoveFileW, GetThreadLocale, WriteFile, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, DuplicateHandle, GetVolumeInformationW, GetFullPathNameW, FileTimeToLocalFileTime, GetFileAttributesExW, LocalFileTimeToFileTime, SetFileTime, GetFileAttributesW, GetFileSizeEx, GetFileTime, InterlockedExchange, CompareStringA, LoadLibraryExW, lstrcmpA, EnumResourceLanguagesW, ConvertDefaultLocale, WritePrivateProfileStringW, ResetEvent, GlobalGetAtomNameW, RaiseException, LocalAlloc, TlsGetValue, GlobalReAlloc, GlobalHandle, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, lstrlenA, GlobalFlags, SetErrorMode, GetSystemDirectoryW, GetStartupInfoW, HeapAlloc, HeapFree, UnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, GetDriveTypeW, HeapReAlloc, RtlUnwind, VirtualProtect, VirtualAlloc, HeapSize, GetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, GetCPInfo, GetOEMCP, IsValidCodePage, GetConsoleCP, GetConsoleMode, LCMapStringW, InitializeCriticalSectionAndSpinCount, GetStringTypeA, GetStringTypeW, GetFileAttributesA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetFileInformationByHandle, PeekNamedPipe, GetCurrentDirectoryA, SetCurrentDirectoryA, GetTimeZoneInformation, LCMapStringA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateProcessA, GetProcessHeap, FreeEnvironmentStringsA, GetEnvironmentStrings, SetEnvironmentVariableA, GetDriveTypeA, GetFullPathNameA, GetLongPathNameW, AllocConsole, CreateProcessW, SetConsoleScreenBufferSize, GetConsoleScreenBufferInfo, GetVersion, InterlockedCompareExchange, CreateDirectoryA, FindFirstFileA, FindNextFileA, DeleteFileA, IsDBCSLeadByte, SetFileAttributesA, DeviceIoControl, lstrcpynW, GetWindowsDirectoryW, GetOverlappedResult, ReadDirectoryChangesW, ResumeThread, SuspendThread, GetCurrentProcessId, Module32NextW, GetCurrentThreadId, GetModuleHandleA, GetModuleFileNameA, GetSystemInfo, Module32FirstW, GlobalMemoryStatusEx, OpenThread, CreateFileW, Thread32Next, GetVersionExW, Thread32First, FormatMessageA, GetCurrentThread, SetEvent, SetUnhandledExceptionFilter, VirtualQuery, GetLocaleInfoA, GetThreadContext, GetLogicalDrives, GetShortPathNameW, GetTempPathW, GetExitCodeProcess, GetTempFileNameW, GetEnvironmentVariableW, GetUserDefaultUILanguage, GetTimeFormatW, GetLocaleInfoW, GetDateFormatW, DeleteCriticalSection, CreateEventW, EnterCriticalSection, GetPrivateProfileIntW, LeaveCriticalSection, InitializeCriticalSection, GetPrivateProfileStringW, GetSystemTimeAsFileTime, GetCommandLineW, GlobalAddAtomW, GlobalDeleteAtom, GlobalUnlock, WaitForSingleObject, GetProfileStringW, GlobalLock, InterlockedIncrement, MulDiv, InterlockedDecrement, FreeLibrary, GetProcAddress, LoadLibraryW, GetCurrentProcess, lstrcatW, lstrcpyW, QueryDosDeviceW, lstrcmpiW, GetLogicalDriveStringsW, GlobalFree, GlobalAlloc, TerminateProcess, OpenProcess, TerminateThread, GetACP, WideCharToMultiByte, SetFileAttributesW, CreateDirectoryW, FileTimeToSystemTime, lstrlenW, Sleep, SystemTimeToFileTime, GetLocalTime, FindClose, DeleteFileW, FindResourceW, LoadResource, LockResource, SizeofResource, FindNextFileW, FindFirstFileW, Process32NextW, Process32FirstW, GetLastError, CreateToolhelp32Snapshot, CreateThread, MultiByteToWideChar, CloseHandle, MoveFileA
USER32.dll | SetWindowTextW, IsWindowEnabled, GetWindowThreadProcessId, CharUpperW, GetNextDlgTabItem, CreateDialogIndirectParamW, GetActiveWindow, GetDesktopWindow, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, MapDialogRect, SetWindowContextHelpId, RegisterClipboardFormatW, ValidateRect, TranslateMessage, GetMessageW, ShowOwnedPopups, LoadMenuW, TranslateAcceleratorW, BringWindowToTop, SetRectEmpty, InsertMenuItemW, LoadAcceleratorsW, InflateRect, GetSysColorBrush, GetMenuItemInfoW, UnregisterClassW, CharNextW, CopyAcceleratorTableW, IsRectEmpty, SetRect, InvalidateRgn, PostThreadMessageW, MonitorFromWindow, OemToCharA, CharToOemA, CharLowerA, CharUpperA, CharToOemBuffW, OemToCharBuffA, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetDlgCtrlID, CopyRect, PtInRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindow, GetMenuState, GetMenuItemCount, GetSubMenu, IsCharAlphaNumericW, wsprintfA, GetMonitorInfoW, MonitorFromRect, FindWindowExW, LoadImageW, GetNextDlgGroupItem, ClientToScreen, SetWindowRgn, DrawFocusRect, OffsetRect, DrawEdge, WindowFromPoint, HideCaret, ShowCaret, SetClassLongW, PostQuitMessage, IsZoomed, IsDialogMessageW, TrackMouseEvent, IsCharUpperW, CharLowerW, GetForegroundWindow, GetScrollInfo, LoadBitmapW, ShowScrollBar, GetCursor, IsWindowVisible, UnregisterHotKey, SetScrollInfo, GetScrollPos, DialogBoxIndirectParamW, DialogBoxParamW, EndDialog, SendDlgItemMessageW, CheckDlgButton, IsDlgButtonChecked, CheckRadioButton, SetDlgItemTextW, SetActiveWindow, CloseClipboard, SetCapture, GetCapture, EmptyClipboard, OpenClipboard, ReleaseCapture, SetClipboardData, PostMessageW, ReuseDDElParam, MessageBeep, UnpackDDElParam, GetDlgItem, EndPaint, SetCursor, ScreenToClient, DrawTextW, BeginPaint, GetDC, ReleaseDC, GetSysColor, SetWindowPos, GetCursorPos, DrawFrameControl, GetMenuItemID, GetParent, ModifyMenuW, CheckMenuRadioItem, SetMenu, InsertMenuW, CheckMenuItem, GetMenu, DrawIcon, GetSystemMetrics, IsIconic, FillRect, wsprintfW, MoveWindow, SetParent, IsWindow, FindWindowW, DestroyWindow, GetWindowRect, TrackPopupMenu, SetForegroundWindow, CreateMenu, SetFocus, GetWindowLongW, AppendMenuW, EnableMenuItem, SetWindowLongW, RedrawWindow, CreatePopupMenu, RemoveMenu, MapWindowPoints, DestroyMenu, SetMenuItemInfoW, CallWindowProcW, GetMessagePos, RegisterClassExW, LoadIconW, CreateWindowExW, UpdateWindow, DefWindowProcW, EnableWindow, InvalidateRect, KillTimer, GetFocus, SetTimer, RegisterHotKey, ShowWindow, SystemParametersInfoW, GetWindowDC, GrayStringW, DrawTextExW, TabbedTextOutW, RegisterWindowMessageW, SendDlgItemMessageA, WinHelpW, IsChild, SetWindowsHookExW, CallNextHookEx, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, SendMessageW, LoadCursorW, GetClientRect, GetWindowTextLengthW, GetWindowTextW, GetLastActivePopup, DispatchMessageW, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, PeekMessageW, GetKeyState, GetClassInfoExW, MessageBoxW
GDI32.dll | GetObjectW, BitBlt, GetPixel, CreateRectRgn, CombineRgn, CreateDIBitmap, GetClipBox, SaveDC, RestoreDC, GetViewportExtEx, GetWindowExtEx, PtVisible, RectVisible, TextOutW, ExtTextOutW, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, CreateCompatibleBitmap, ScaleWindowExtEx, LineTo, ExtSelectClipRgn, CreatePatternBrush, CreateBitmap, CreateRectRgnIndirect, GetMapMode, GetBkColor, GetTextColor, GetRgnBox, Rectangle, StretchBlt, GetDIBits, SelectClipRgn, SetDIBits, CreateCompatibleDC, ExcludeClipRect, SetWorldTransform, SetGraphicsMode, SetStretchBltMode, CreateRoundRectRgn, CreatePen, RoundRect, GetStockObject, EndPage, StartPage, DeleteDC, CreateDCW, SetMapMode, StartDocW, EndDoc, AbortDoc, SetTextColor, CreateFontIndirectW, GetDeviceCaps, SetBkColor, SetBkMode, SelectObject, CreateSolidBrush, DeleteObject, GetTextExtentPoint32W, CreateFontW, SetWindowExtEx, FloodFill, MoveToEx
MSIMG32.dll | AlphaBlend
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW, CommDlgExtendedError, PrintDlgExW, GetFileTitleW
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter
ADVAPI32.dll | RegOpenKeyExW, SetFileSecurityA, SetFileSecurityW, RegQueryValueExW, RegDeleteValueW, RegQueryValueExA, RegSetKeySecurity, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueW, RegDeleteKeyW, RegOpenKeyW, RegEnumKeyW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, RegSetValueExW, RegCreateKeyExW
SHELL32.dll | SHGetFileInfoW, SHChangeNotify, SHAddToRecentDocs, DragQueryFileW, DragFinish, SHGetFolderPathW, SHGetDesktopFolder, ShellExecuteExW, SHBindToParent, DragAcceptFiles, SHGetSpecialFolderPathW, ShellExecuteW
COMCTL32.dll | InitCommonControlsEx, CreatePropertySheetPageW, _TrackMouseEvent, ImageList_Draw
SHLWAPI.dll | StrStrW, StrRStrIW, StrStrIW, PathStripToRootW, PathIsUNCW, PathFindFileNameW, PathFindExtensionW, SHDeleteKeyW, PathAppendW, SHSetValueW, PathIsRelativeW
oledlg.dll | OleUIBusyW
ole32.dll | CoSetProxyBlanket, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter, CreateStreamOnHGlobal, CoCreateGuid, CoUninitialize, CoCreateInstance, CoInitialize
OLEAUT32.dll | SysStringLen, VariantClear, VariantInit, SysAllocString, SysAllocStringLen, VariantChangeType, VariantCopy, DispCallFunc, LoadRegTypeLib, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetElemsize, SafeArrayCreate, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime, OleCreateFontIndirect, SysFreeString
PSAPI.DLL | EnumProcesses, GetProcessImageFileNameW
WS2_32.dll | closesocket, recv, gethostname, gethostbyname, WSAStartup, socket, htons, bind, listen, WSAGetLastError, accept, send, connect
Language of compilation system | Country where language is spoken | Map
Chinese | China |
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 21, 2024 10:36:43.737109900 CEST | 49733 | 80 | 192.168.2.4 | 163.171.156.15
Oct 21, 2024 10:36:43.742259026 CEST | 80 | 49733 | 163.171.156.15 | 192.168.2.4
Oct 21, 2024 10:36:43.742351055 CEST | 49733 | 80 | 192.168.2.4 | 163.171.156.15
Oct 21, 2024 10:36:43.743783951 CEST | 49733 | 80 | 192.168.2.4 | 163.171.156.15
Oct 21, 2024 10:36:43.748632908 CEST | 80 | 49733 | 163.171.156.15 | 192.168.2.4
Oct 21, 2024 10:36:44.580391884 CEST | 80 | 49733 | 163.171.156.15 | 192.168.2.4
Oct 21, 2024 10:36:44.580413103 CEST | 80 | 49733 | 163.171.156.15 | 192.168.2.4
Oct 21, 2024 10:36:44.580507040 CEST | 49733 | 80 | 192.168.2.4 | 163.171.156.15
Oct 21, 2024 10:37:44.700659990 CEST | 80 | 49733 | 163.171.156.15 | 192.168.2.4
Oct 21, 2024 10:37:44.700798988 CEST | 49733 | 80 | 192.168.2.4 | 163.171.156.15
Oct 21, 2024 10:38:32.296247005 CEST | 49733 | 80 | 192.168.2.4 | 163.171.156.15
Oct 21, 2024 10:38:32.301341057 CEST | 80 | 49733 | 163.171.156.15 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 21, 2024 10:36:42.323470116 CEST | 55577 | 53 | 192.168.2.4 | 1.1.1.1
Oct 21, 2024 10:36:43.311660051 CEST | 55577 | 53 | 192.168.2.4 | 1.1.1.1
Oct 21, 2024 10:36:43.716856956 CEST | 53 | 55577 | 1.1.1.1 | 192.168.2.4
Oct 21, 2024 10:36:43.716873884 CEST | 53 | 55577 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 21, 2024 10:36:42.323470116 CEST | 192.168.2.4 | 1.1.1.1 | 0xe3b4 | Standard query (0) | www.drm-x.com | A (IP address) | IN (0x0001) | false
Oct 21, 2024 10:36:43.311660051 CEST | 192.168.2.4 | 1.1.1.1 | 0xe3b4 | Standard query (0) | www.drm-x.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 21, 2024 10:36:43.716856956 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3b4 | No error (0) | www.drm-x.com | www.drm-x.com.wswebpic.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 21, 2024 10:36:43.716856956 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3b4 | No error (0) | www.drm-x.com.wswebpic.com | | 163.171.156.15 | A (IP address) | IN (0x0001) | false
Oct 21, 2024 10:36:43.716856956 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3b4 | No error (0) | www.drm-x.com.wswebpic.com | | 163.171.128.241 | A (IP address) | IN (0x0001) | false
Oct 21, 2024 10:36:43.716873884 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3b4 | No error (0) | www.drm-x.com | www.drm-x.com.wswebpic.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 21, 2024 10:36:43.716873884 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3b4 | No error (0) | www.drm-x.com.wswebpic.com | | 163.171.156.15 | A (IP address) | IN (0x0001) | false
Oct 21, 2024 10:36:43.716873884 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3b4 | No error (0) | www.drm-x.com.wswebpic.com | | 163.171.128.241 | A (IP address) | IN (0x0001) | false
                                                                            • www.drm-x.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 163.171.156.15 | 80 | 7372 | C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Timestamp | Bytes transferred | Direction | Data
Oct 21, 2024 10:36:43.743783951 CEST | 132 | OUT | GET /pdfversion.htm HTTP/1.1
                                                                            Accept: */*
                                                                            User-Agent: HDM
                                                                            Host: www.drm-x.com
                                                                            Connection: Keep-Alive
                                                                            Cache-Control: no-cache
Oct 21, 2024 10:36:44.580391884 CEST | 666 | IN | HTTP/1.1 200 OK
                                                                            Date: Mon, 21 Oct 2024 08:36:44 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: keep-alive
                                                                            Last-Modified: Thu, 05 Feb 2015 14:26:47 GMT
                                                                            ETag: "802dc5c54f41d01:0"
                                                                            Server: Microsoft-IIS/10.0
                                                                            X-Powered-By: ASP.NET
                                                                            Age: 6561
                                                                            X-Via: 1.1 luoshan64:9 (Cdn Cache Server V2.0), 1.1 PS-FRA-01seK96:4 (Cdn Cache Server V2.0)
                                                                            x-ws-request-id: 6716129c_PS-FRA-01IuY95_6483-32137
                                                                            Cache-Control: no-store
                                                                            Set-Cookie: FECN=acdab0906846a37705203ef438f9a016625b91be698acfb5a4f4ebf4164f8a1a9bba5da1667a9d30a12717e0faa77390fb876e626132ea8a958e2de4bee4256ba230c5dece333b509014df2dec666a82d4; Expires=Thu, 19-Oct-34 08:36:44 GMT; Path=/
Oct 21, 2024 10:36:44.580413103 CEST | 17 | IN | Data Raw: 37 0d 0a 31 2e 35 2e 32 2e 30 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 71.5.2.00



                                                                            Target ID:0
                                                                            Start time:04:36:40
                                                                            Start date:21/10/2024
                                                                            Path:C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe"
                                                                            Imagebase:0x400000
                                                                            File size:6'365'288 bytes
                                                                            MD5 hash:4864A55CFF27F686023456A22371E790
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:false


                                                                              Execution Graph

                                                                              Execution Coverage:2.5%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:11.9%
                                                                              Total number of Nodes:1474
                                                                              Total number of Limit Nodes:23
71374->71375 71381 494f3b _strcspn 71374->71381 71438 4a4998 67 API calls __msize 71375->71438 71377 494f1f 71377->71373 71378 494f26 71377->71378 71439 491a4f 10 API calls 3 library calls 71378->71439 71380 494f30 71380->71373 71381->71373 71383 494fbd 71381->71383 71440 4a4998 67 API calls __msize 71381->71440 71383->71381 71441 491a4f 10 API calls 3 library calls 71383->71441 71386 49a071 __getptd 67 API calls 71385->71386 71390 4a5015 71386->71390 71387 4a5024 GetUserDefaultLCID 71416 4a50a7 71387->71416 71389 4a5050 71391 4a50b0 71389->71391 71394 4a5062 71389->71394 71390->71387 71390->71389 71454 4a4a4d 102 API calls _TranslateName 71390->71454 71391->71387 71397 4a50bb _strlen 71391->71397 71392 495333 71392->71322 71434 495000 67 API calls 3 library calls 71392->71434 71396 4a5074 71394->71396 71399 4a506d 71394->71399 71456 4a4fcc EnumSystemLocalesA _GetPrimaryLen _strlen 71396->71456 71403 4a50c1 EnumSystemLocalesA 71397->71403 71455 4a4f65 EnumSystemLocalesA _GetPrimaryLen _strlen 71399->71455 71402 4a5072 71402->71416 71457 4a4a4d 102 API calls _TranslateName 71402->71457 71403->71416 71404 4a513a IsValidCodePage 71404->71392 71406 4a514c IsValidLocale 71404->71406 71406->71392 71408 4a515f 71406->71408 71407 4a5090 71409 4a50a9 71407->71409 71410 4a50a2 71407->71410 71407->71416 71408->71392 71413 4a5190 71408->71413 71414 4a51b5 GetLocaleInfoA 71408->71414 71459 4a4fcc EnumSystemLocalesA _GetPrimaryLen _strlen 71409->71459 71458 4a4f65 EnumSystemLocalesA _GetPrimaryLen _strlen 71410->71458 71417 49b41c _strcpy_s 67 API calls 71413->71417 71414->71392 71415 4a51c6 GetLocaleInfoA 71414->71415 71415->71392 71418 4a51da 71415->71418 71416->71392 71442 4a4aaf 71416->71442 71419 4a519d 71417->71419 71461 4b43a0 67 API calls _xtoa_s@20 71418->71461 71419->71415 71421 4a51a4 71419->71421 71460 491a4f 10 API calls 3 library calls 71421->71460 71423 4a51b0 71423->71415 71425 49b42d 71424->71425 71426 49b434 71424->71426 71425->71426 71431 49b45a 71425->71431 
71463 497f0b 67 API calls __getptd_noexit 71426->71463 71428 49b439 71464 491b77 6 API calls 2 library calls 71428->71464 71430 495287 71430->71322 71430->71323 71431->71430 71465 497f0b 67 API calls __getptd_noexit 71431->71465 71433->71327 71434->71334 71435->71339 71436->71342 71437->71327 71438->71377 71439->71380 71440->71381 71441->71383 71443 4a4b1b GetLocaleInfoA 71442->71443 71444 4a4ac8 _ProcessCodePage 71442->71444 71445 4a4b0d 71443->71445 71446 4a4b37 _ProcessCodePage 71443->71446 71444->71443 71451 4a4ade _ProcessCodePage 71444->71451 71447 48fa8e DName::DName 5 API calls 71445->71447 71449 4a4b4b GetACP 71446->71449 71450 4a4b04 71446->71450 71448 4a4b19 71447->71448 71448->71392 71448->71404 71449->71445 71462 492358 91 API calls __wcstoi64 71450->71462 71451->71450 71453 4a4aef GetLocaleInfoA 71451->71453 71453->71445 71453->71450 71454->71389 71455->71402 71456->71402 71457->71407 71458->71416 71459->71416 71460->71423 71461->71392 71462->71445 71463->71428 71465->71428 71467 4a0e0a 71466->71467 71468 48fe54 _malloc 66 API calls 71467->71468 71469 4a0e40 71467->71469 71470 4a0e21 Sleep 71467->71470 71468->71467 71469->71352 71471 4a0e36 71470->71471 71471->71467 71471->71469 71472->71357 71473->71358 71474 46e9c2 71475 481077 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 94 API calls 71474->71475 71476 46e9d6 71475->71476 71478 46e9df 71476->71478 71479 46bc18 2 API calls 4 library calls 71476->71479 71479->71478 71480 640790 71481 6407bd 71480->71481 71482 6407d4 71481->71482 71483 6407c4 71481->71483 71553 60c770 GetFullPathNameW 71482->71553 71609 63e6b0 264 API calls 2 library calls 71483->71609 71486 6407d1 71486->71482 71487 6407dd Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71488 6407fc 71487->71488 71491 64081a Concurrency::details::ContextBase::GetWorkQueueIdentity 71487->71491 71610 424740 67 API calls __GetLocaleForCP 71488->71610 71490 640812 71498 64093d codecvt 
Concurrency::details::ContextBase::GetWorkQueueIdentity 71491->71498 71563 60c500 GetFileAttributesExW 71491->71563 71495 640970 codecvt 71617 6990d0 67 API calls codecvt 71495->71617 71496 6409b4 71614 424740 67 API calls __GetLocaleForCP 71496->71614 71497 6409d2 71497->71495 71615 665180 74 API calls 2 library calls 71497->71615 71498->71495 71581 63fcd0 71498->71581 71502 64083e HandleT Concurrency::details::ContextBase::GetWorkQueueIdentity 71502->71498 71505 64086a 71502->71505 71503 6409e5 71616 419540 69 API calls codecvt 71503->71616 71506 637fa0 76 API calls 71505->71506 71508 640878 71506->71508 71507 640a0a Concurrency::details::ContextBase::GetWorkQueueIdentity 71618 63ff00 513 API calls 7 library calls 71507->71618 71564 60a3a0 103 API calls 71508->71564 71511 640a65 71512 640a6f Concurrency::details::ContextBase::GetWorkQueueIdentity 71511->71512 71513 640aab 71511->71513 71619 419a80 82 API calls 3 library calls 71512->71619 71514 640b2a Concurrency::details::ContextBase::GetWorkQueueIdentity 71513->71514 71516 46b924 _Allocate 67 API calls 71513->71516 71622 61e030 76 API calls 3 library calls 71514->71622 71515 640881 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71565 64ff30 99 API calls _Allocate 71515->71565 71517 640ac5 71516->71517 71517->71514 71523 46b924 _Allocate 67 API calls 71517->71523 71521 640a82 71525 640a8e 71521->71525 71529 6236a0 155 API calls 71521->71529 71522 6408a9 71566 636780 InvalidateRect UpdateWindow 71522->71566 71532 640adc 71523->71532 71524 640b63 71623 61e130 8 API calls codecvt 71524->71623 71620 424740 67 API calls __GetLocaleForCP 71525->71620 71529->71525 71530 640aa3 71530->71490 71531 6408b6 Concurrency::details::ContextBase::GetWorkQueueIdentity 71567 419a80 82 API calls 3 library calls 71531->71567 71621 419ba0 CreateEventW _memset 71532->71621 71534 640b71 Concurrency::details::ContextBase::GetWorkQueueIdentity 71537 640bb8 
Concurrency::details::ContextBase::GetWorkQueueIdentity 71534->71537 71624 4199e0 81 API calls 2 library calls 71534->71624 71536 640be5 71626 424740 67 API calls __GetLocaleForCP 71536->71626 71537->71536 71546 640bdc SHAddToRecentDocs 71537->71546 71538 6408c9 71541 640913 71538->71541 71568 6236a0 71538->71568 71612 424740 67 API calls __GetLocaleForCP 71541->71612 71542 640bb0 71545 6236a0 155 API calls 71542->71545 71545->71537 71546->71536 71547 640926 71613 424740 67 API calls __GetLocaleForCP 71547->71613 71548 640b8f 71548->71542 71625 63d650 163 API calls 2 library calls 71548->71625 71551 6408d5 codecvt Concurrency::details::ContextBase::GetWorkQueueIdentity 71551->71541 71611 636780 InvalidateRect UpdateWindow 71551->71611 71554 60c796 71553->71554 71558 60c78f 71553->71558 71555 493b45 _calloc 67 API calls 71554->71555 71556 60c7a1 71555->71556 71557 60c7b1 GetFullPathNameW GetLongPathNameW 71556->71557 71556->71558 71557->71558 71559 60c7e1 71557->71559 71558->71487 71627 496c70 71559->71627 71561 60c7f0 71561->71558 71562 60c801 GetLongPathNameW 71561->71562 71562->71558 71563->71502 71564->71515 71565->71522 71566->71531 71567->71538 71569 6236d0 71568->71569 71572 6236d7 codecvt Concurrency::details::ContextBase::GetWorkQueueIdentity 71568->71572 71569->71551 71570 623713 71677 621fb0 71570->71677 71572->71570 71680 63cb40 90 API calls 71572->71680 71574 623718 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71681 6234f0 115 API calls 3 library calls 71574->71681 71576 623747 71577 62378d 71576->71577 71578 62375c FindWindowExW 71576->71578 71682 424740 67 API calls __GetLocaleForCP 71577->71682 71578->71577 71580 623778 PostMessageW 71578->71580 71580->71578 71582 63fd1f 71581->71582 71583 63fd26 71582->71583 71584 63fd34 71582->71584 71859 620d60 72 API calls HandleT 71583->71859 71860 620cb0 SystemParametersInfoW HandleT 71584->71860 71587 63fd2f 71588 46b924 _Allocate 67 API calls 71587->71588 71589 63fd61 
71588->71589 71590 63fd82 CreateWindowExW 71589->71590 71861 636c70 81 API calls 7 library calls 71589->71861 71593 63fe1b ShowScrollBar 71590->71593 71594 63fdec 71590->71594 71826 650cf0 CreateMenu CreateMenu 71593->71826 71595 63fe08 71594->71595 71862 41a210 78 API calls codecvt 71594->71862 71595->71496 71595->71497 71600 63fea9 71864 63f9f0 106 API calls 71600->71864 71602 63feb5 71865 638100 SetClassLongW HideCaret SetClassLongW ShowCaret 71602->71865 71604 63fec1 DragAcceptFiles 71866 41aab0 69 API calls HandleT 71604->71866 71606 63fee1 71867 63d860 153 API calls 71606->71867 71608 63feea 71608->71595 71609->71486 71610->71490 71611->71541 71612->71547 71613->71490 71614->71490 71615->71503 71616->71495 71617->71507 71618->71511 71619->71521 71620->71530 71621->71514 71622->71524 71623->71534 71624->71548 71625->71542 71626->71530 71628 496c7c __msize 71627->71628 71629 496c91 71628->71629 71630 496c83 71628->71630 71631 496c98 71629->71631 71632 496ca4 71629->71632 71633 48fe54 _malloc 67 API calls 71630->71633 71634 48ff1e __GetLocaleForCP 67 API calls 71631->71634 71639 496e16 71632->71639 71650 496cb1 ___sbh_resize_block ___sbh_find_block _setlocale 71632->71650 71641 496c8b __dosmaperr __msize 71633->71641 71634->71641 71635 496e49 71673 49b3f4 6 API calls __decode_pointer 71635->71673 71637 49a8b8 __lock 67 API calls 71637->71650 71638 496e1b HeapReAlloc 71638->71639 71638->71641 71639->71635 71639->71638 71642 496e6d 71639->71642 71646 496e63 71639->71646 71672 49b3f4 6 API calls __decode_pointer 71639->71672 71640 496e4f 71674 497f0b 67 API calls __getptd_noexit 71640->71674 71641->71561 71642->71641 71676 497f0b 67 API calls __getptd_noexit 71642->71676 71675 497f0b 67 API calls __getptd_noexit 71646->71675 71647 496e76 GetLastError 71647->71641 71650->71635 71650->71637 71650->71641 71651 496d3c HeapAlloc 71650->71651 71653 496d91 HeapReAlloc 71650->71653 71656 496dfc 71650->71656 71659 496ddf 71650->71659 71660 496d36 _setlocale 71650->71660 
71665 49b0ca 5 API calls 2 library calls 71650->71665 71666 49a91b __VEC_memcpy VirtualFree VirtualFree HeapFree _memmove_s 71650->71666 71668 496db4 LeaveCriticalSection _doexit 71650->71668 71669 49b3f4 6 API calls __decode_pointer 71650->71669 71651->71650 71651->71660 71652 496de9 GetLastError 71652->71641 71653->71650 71656->71641 71671 497f0b 67 API calls __getptd_noexit 71656->71671 71670 497f0b 67 API calls __getptd_noexit 71659->71670 71660->71650 71660->71651 71667 49a91b __VEC_memcpy VirtualFree VirtualFree HeapFree _memmove_s 71660->71667 71661 496e09 71661->71641 71661->71647 71663 496de4 71663->71641 71663->71652 71665->71650 71666->71650 71667->71660 71668->71650 71669->71650 71670->71663 71671->71661 71672->71639 71673->71640 71674->71641 71675->71663 71676->71647 71683 6218e0 71677->71683 71680->71572 71681->71576 71682->71569 71684 621913 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71683->71684 71715 621430 71684->71715 71687 621926 71760 60b480 GetModuleFileNameW 71687->71760 71688 621957 SHGetSpecialFolderPathW 71689 62197c 71688->71689 71694 621952 Concurrency::details::ContextBase::GetWorkQueueIdentity 71688->71694 71769 60cca0 103 API calls numpunct 71689->71769 71693 62198d 71696 422390 HandleT 67 API calls 71693->71696 71695 6219d9 71694->71695 71698 6219fa Concurrency::details::ContextBase::GetWorkQueueIdentity 71694->71698 71771 424740 67 API calls __GetLocaleForCP 71695->71771 71700 621999 Concurrency::details::ContextBase::GetWorkQueueIdentity 71696->71700 71772 60cca0 103 API calls numpunct 71698->71772 71700->71694 71706 6219a5 Concurrency::details::ContextBase::GetWorkQueueIdentity 71700->71706 71701 62193d 71766 422390 71701->71766 71704 48ff1e __GetLocaleForCP 67 API calls 71704->71694 71705 48fa8e DName::DName 5 API calls 71708 621a3f 71705->71708 71770 60c260 CreateDirectoryW GetLastError 71706->71770 71708->71574 71709 621a0c 71773 424740 67 API calls __GetLocaleForCP 71709->71773 71711 6219f2 71711->71705 71713 
6219b3 71713->71694 71714 422390 HandleT 67 API calls 71713->71714 71714->71694 71716 62144c 71715->71716 71717 62145d 71715->71717 71719 48fa8e DName::DName 5 API calls 71716->71719 71718 60b480 77 API calls 71717->71718 71721 62146c Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71718->71721 71720 621679 71719->71720 71720->71687 71720->71688 71722 621481 71721->71722 71723 62149b _DebugHeapAllocator 71721->71723 71808 424740 67 API calls __GetLocaleForCP 71722->71808 71774 60bcd0 71723->71774 71727 422390 HandleT 67 API calls 71728 6214c5 Concurrency::details::ContextBase::GetWorkQueueIdentity 71727->71728 71729 60bcd0 74 API calls 71728->71729 71731 6214f1 Concurrency::details::ContextBase::GetWorkQueueIdentity 71728->71731 71730 6214e5 71729->71730 71733 422390 HandleT 67 API calls 71730->71733 71732 621597 SHGetSpecialFolderPathW 71731->71732 71809 609ef0 79 API calls 2 library calls 71731->71809 71734 6215bc 71732->71734 71745 6215de Concurrency::details::ContextBase::GetWorkQueueIdentity 71732->71745 71733->71731 71813 424740 67 API calls __GetLocaleForCP 71734->71813 71736 6215cb 71814 424740 67 API calls __GetLocaleForCP 71736->71814 71739 62154a Concurrency::details::ContextBase::GetWorkQueueIdentity 71742 60c9a0 94 API calls 71739->71742 71740 621652 71817 424740 67 API calls __GetLocaleForCP 71740->71817 71746 621561 71742->71746 71743 621661 71818 424740 67 API calls __GetLocaleForCP 71743->71818 71744 621514 Concurrency::details::ContextBase::GetWorkQueueIdentity 71744->71739 71810 60cca0 103 API calls numpunct 71744->71810 71745->71740 71752 621627 71745->71752 71786 60c9a0 CreateFileW CreateFileW 71745->71786 71746->71732 71749 62156b 71746->71749 71811 424740 67 API calls __GetLocaleForCP 71749->71811 71751 62153e 71754 422390 HandleT 67 API calls 71751->71754 71815 424740 67 API calls __GetLocaleForCP 71752->71815 71754->71739 71756 621584 71812 424740 67 API calls __GetLocaleForCP 71756->71812 71757 621640 71816 
424740 67 API calls __GetLocaleForCP 71757->71816 71761 60c770 76 API calls 71760->71761 71762 60b4bc 71761->71762 71763 48fa8e DName::DName 5 API calls 71762->71763 71764 60b4c9 71763->71764 71764->71694 71765 60cd10 67 API calls 2 library calls 71764->71765 71765->71701 71767 48ff1e __GetLocaleForCP 67 API calls 71766->71767 71768 4223a2 71767->71768 71768->71704 71769->71693 71770->71713 71771->71711 71772->71709 71773->71711 71775 60bce4 RegOpenKeyExW 71774->71775 71776 60bd05 RegQueryValueExW 71775->71776 71778 60bd5f 71775->71778 71779 60bd26 71776->71779 71780 60bd6d RegCloseKey 71776->71780 71777 60bd9b 71781 60bdb0 71777->71781 71820 60aec0 GetLastError FormatMessageW LocalFree 71777->71820 71778->71775 71778->71777 71778->71780 71819 4139f0 67 API calls 2 library calls 71778->71819 71782 493b45 _calloc 67 API calls 71779->71782 71780->71778 71781->71727 71783 60bd36 RegQueryValueExW 71782->71783 71783->71778 71783->71780 71787 60ca54 CloseHandle CloseHandle 71786->71787 71788 60c9ef 71786->71788 71789 60ca70 71787->71789 71790 60ca78 71787->71790 71788->71787 71791 60c9f5 GetFileInformationByHandle 71788->71791 71789->71745 71792 60c770 76 API calls 71790->71792 71791->71787 71793 60ca07 GetFileInformationByHandle 71791->71793 71794 60ca81 _DebugHeapAllocator 71792->71794 71793->71787 71795 60ca19 71793->71795 71796 60c770 76 API calls 71794->71796 71795->71787 71798 60ca96 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71796->71798 71797 60caba 71821 424740 67 API calls __GetLocaleForCP 71797->71821 71798->71797 71802 60cad9 Concurrency::details::ContextBase::GetWorkQueueIdentity 71798->71802 71800 60cac9 71822 424740 67 API calls __GetLocaleForCP 71800->71822 71823 609660 79 API calls __wcsicoll 71802->71823 71804 60caf0 71824 424740 67 API calls __GetLocaleForCP 71804->71824 71806 60cb01 71825 424740 67 API calls __GetLocaleForCP 71806->71825 71808->71716 71809->71744 71810->71751 71811->71756 71812->71716 71813->71736 
71814->71716 71815->71757 71816->71716 71817->71743 71818->71716 71819->71778 71820->71781 71821->71800 71822->71789 71823->71804 71824->71806 71825->71789 71868 650bd0 71826->71868 71829 637fa0 76 API calls 71830 650d1e AppendMenuW CreateMenu 71829->71830 71891 650450 71830->71891 71833 637fa0 76 API calls 71834 650d55 AppendMenuW CreateMenu 71833->71834 71835 650450 79 API calls 71834->71835 71836 650d7c 71835->71836 71837 637fa0 76 API calls 71836->71837 71838 650d8c AppendMenuW CreateMenu 71837->71838 71839 650450 79 API calls 71838->71839 71840 650db3 71839->71840 71841 637fa0 76 API calls 71840->71841 71842 650dc3 AppendMenuW 71841->71842 71843 650dde 71842->71843 71844 650e1f CreateMenu 71843->71844 71845 650de8 CreateMenu 71843->71845 71847 650450 79 API calls 71844->71847 71900 666550 125 API calls 71845->71900 71849 650e32 71847->71849 71848 650dfe 71850 637fa0 76 API calls 71848->71850 71851 637fa0 76 API calls 71849->71851 71852 650e0b AppendMenuW 71850->71852 71853 650e42 AppendMenuW CreateMenu 71851->71853 71852->71844 71854 650450 79 API calls 71853->71854 71855 650e69 71854->71855 71856 637fa0 76 API calls 71855->71856 71857 650e79 AppendMenuW GetParent KiUserCallbackDispatcher 71856->71857 71858 63fe35 ShowWindow UpdateWindow CreateWindowExW 71857->71858 71863 6384d0 126 API calls 71858->71863 71859->71587 71860->71587 71861->71590 71862->71595 71863->71600 71864->71602 71865->71604 71866->71606 71867->71608 71901 413c70 71868->71901 71871 650450 79 API calls 71872 650bef 71871->71872 71905 650b30 71872->71905 71877 650c1d 71918 61e4e0 71877->71918 71881 650c3f 71925 61e480 71881->71925 71885 650c61 71932 63a190 71885->71932 71889 650c83 71889->71829 71894 65045f HandleT Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71891->71894 71892 650556 71892->71833 71893 6504d9 AppendMenuW 71893->71894 71894->71892 71894->71893 71896 637fa0 76 API calls 71894->71896 71898 650513 AppendMenuW 71894->71898 71955 4156b0 69 API calls 
HandleT 71894->71955 71897 650537 AppendMenuW 71896->71897 71897->71894 71956 424740 67 API calls __GetLocaleForCP 71898->71956 71900->71848 71902 413c73 RemoveMenu 71901->71902 71903 413c88 71902->71903 71904 413c8a 71902->71904 71903->71902 71904->71871 71908 650b3d 71905->71908 71906 650b47 71911 61e420 71906->71911 71907 650bad InsertMenuW 71907->71906 71908->71906 71908->71907 71909 650b8b 71908->71909 71943 650a90 106 API calls 3 library calls 71908->71943 71909->71907 71944 61e1c0 71911->71944 71913 61e42f 71917 61e44c 71913->71917 71948 61e380 75 API calls 3 library calls 71913->71948 71915 61e455 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71949 424740 67 API calls __GetLocaleForCP 71915->71949 71917->71877 71939 4157c0 RemoveMenu 71917->71939 71919 61e1c0 GetFileAttributesExW 71918->71919 71921 61e4ef 71919->71921 71920 61e50c 71920->71881 71940 4157c0 RemoveMenu 71920->71940 71921->71920 71951 61e300 75 API calls 3 library calls 71921->71951 71923 61e515 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71952 424740 67 API calls __GetLocaleForCP 71923->71952 71926 61e1c0 GetFileAttributesExW 71925->71926 71928 61e48f 71926->71928 71927 61e4ac 71927->71885 71941 4157c0 RemoveMenu 71927->71941 71928->71927 71953 61e210 111 API calls 3 library calls 71928->71953 71930 61e4b5 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 71954 424740 67 API calls __GetLocaleForCP 71930->71954 71933 61e1c0 GetFileAttributesExW 71932->71933 71934 63a19f 71933->71934 71935 63a1a9 71934->71935 71936 63a1ad SafeRWList Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71934->71936 71935->71889 71942 4157c0 RemoveMenu 71935->71942 71937 63a1bd CoCreateInstance 71936->71937 71938 63a1e9 71937->71938 71938->71935 71939->71877 71940->71881 71941->71885 71942->71889 71943->71908 71946 61e1ca 71944->71946 71945 61e1d4 71945->71913 71946->71945 71950 60c500 GetFileAttributesExW 71946->71950 
71948->71915 71949->71917 71950->71945 71951->71923 71952->71920 71953->71930 71954->71927 71955->71894 71956->71894 71957 669090 71958 6690ab std::_Iterator_base::_Iterator_base __write_nolock 71957->71958 71959 405cf0 71 API calls 71958->71959 71960 6690e2 71959->71960 72048 412f70 71960->72048 71963 669161 72054 413890 71963->72054 71967 669114 71969 4128a0 71 API calls 71967->71969 71968 405cf0 71 API calls 71971 6691b3 71968->71971 71970 66912d 71969->71970 72135 412eb0 RegQueryValueExW 71970->72135 72057 412e80 71971->72057 71975 66913b 71977 669163 71975->71977 71978 66914a 71975->71978 72136 4745de 115 API calls Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71977->72136 71979 405690 Concurrency::details::ContextBase::GetWorkQueueIdentity 82 API calls 71978->71979 71982 669155 71979->71982 71981 669292 72063 412c30 71981->72063 71984 413610 _DebugHeapAllocator 71 API calls 71982->71984 71984->71963 71985 6691e1 Concurrency::details::ContextBase::GetWorkQueueIdentity 71985->71981 72137 491d1f 78 API calls __wcstoi64 71985->72137 71987 6691fd 71987->71981 71988 669244 codecvt 71987->71988 72138 413030 RegCloseKey 71988->72138 71991 46b924 67 API calls _Allocate 71997 6692a2 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71991->71997 71992 48fa8e DName::DName 5 API calls 71993 6697cc 71992->71993 71994 413890 _DebugHeapAllocator 71 API calls 71994->71997 71997->71991 71997->71994 71998 66949c Sleep 71997->71998 72001 669467 71997->72001 72003 669438 71997->72003 72071 6671b0 71997->72071 72106 612510 71997->72106 72139 611e20 InitializeCriticalSection Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 71997->72139 71998->72001 72000 405cf0 71 API calls 72002 669503 72000->72002 72001->71997 72001->71998 72009 6694e1 72001->72009 72140 611450 72001->72140 72109 4128a0 72002->72109 72007 611450 InternetCloseHandle 72003->72007 72003->72009 72007->72009 72009->72000 72011 66957f codecvt 72014 412c30 104 API calls 72011->72014 72012 
66953c _DebugHeapAllocator 72012->72011 72143 405820 71 API calls _DebugHeapAllocator 72012->72143 72016 66959b 72014->72016 72015 66955a 72017 413610 _DebugHeapAllocator 71 API calls 72015->72017 72122 405c30 72016->72122 72017->72011 72020 6696c0 codecvt std::_Iterator_base::_Iterator_base 72126 412820 RegCreateKeyExW 72020->72126 72024 405370 71 API calls 72025 6695de Concurrency::details::ContextBase::GetWorkQueueIdentity 72024->72025 72153 491cfe 78 API calls __wcstoi64 72025->72153 72026 669715 72158 413030 RegCloseKey 72026->72158 72028 6696f6 Concurrency::details::ContextBase::GetWorkQueueIdentity 72028->72026 72130 4127c0 72028->72130 72031 6695ec Concurrency::details::ContextBase::GetWorkQueueIdentity 72154 491cfe 78 API calls __wcstoi64 72031->72154 72033 669603 72033->72020 72034 405cf0 71 API calls 72033->72034 72035 669629 72034->72035 72155 413130 100 API calls Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 72035->72155 72037 66963e 72156 658590 71 API calls 2 library calls 72037->72156 72039 669645 72040 413610 _DebugHeapAllocator 71 API calls 72039->72040 72042 66966d codecvt Concurrency::details::ContextBase::GetWorkQueueIdentity 72040->72042 72041 669727 codecvt 72159 413030 RegCloseKey 72041->72159 72157 4745de 115 API calls Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 72042->72157 72045 669691 72045->72020 72047 6696a0 ShellExecuteW 72045->72047 72046 669287 72046->71992 72047->72020 72049 412f79 72048->72049 72049->72049 72050 412f81 RegOpenKeyExW 72049->72050 72051 412fa9 72050->72051 72052 412fb1 72050->72052 72160 412fe0 RegCloseKey 72051->72160 72052->71963 72134 412eb0 RegQueryValueExW 72052->72134 72161 4137d0 72054->72161 72056 4138a3 GetLocalTime SystemTimeToFileTime 72056->71968 72173 412e10 72057->72173 72060 405c50 72243 40a570 72060->72243 72062 405c5f 72062->71985 72064 412c5b 72063->72064 72065 40a970 _DebugHeapAllocator 71 API calls 72064->72065 72066 412c64 72065->72066 72248 412be0 72066->72248 72069 
412c8a 72069->71997 72072 6671cb _memset __write_nolock 72071->72072 72073 405370 71 API calls 72072->72073 72074 66721b _memset Concurrency::details::ContextBase::GetWorkQueueIdentity 72073->72074 72075 66725b WideCharToMultiByte 72074->72075 72254 405cb0 72075->72254 72077 66727d _DebugHeapAllocator 72078 667350 72077->72078 72315 4922a9 103 API calls 3 library calls 72077->72315 72258 612760 72078->72258 72080 6673b7 72282 4059d0 72080->72282 72082 6672e6 72316 4922a9 103 API calls 3 library calls 72082->72316 72085 66731b 72317 4922a9 103 API calls 3 library calls 72085->72317 72092 413890 _DebugHeapAllocator 71 API calls 72093 66740c codecvt 72092->72093 72301 405c10 72093->72301 72096 667436 72304 611600 72096->72304 72097 405c10 71 API calls 72098 667452 72097->72098 72098->72096 72101 405c10 71 API calls 72098->72101 72100 66749f 72312 611480 72100->72312 72101->72096 72103 6674be codecvt Concurrency::details::_Task_impl_base::_SetTaskCreationCallstack Concurrency::details::WorkQueue::PushUnstructured Concurrency::details::FairScheduleGroupSegment::AddToRunnablesCollection 72104 48fa8e DName::DName 5 API calls 72103->72104 72105 667558 72104->72105 72105->71997 72413 6121f0 72106->72413 72108 61254c 72108->71997 72110 413410 Concurrency::details::ContextBase::GetWorkQueueIdentity 71 API calls 72109->72110 72111 4128b5 72110->72111 72112 413450 Concurrency::details::ContextBase::GetWorkQueueIdentity 71 API calls 72111->72112 72113 4128c4 MultiByteToWideChar 72112->72113 72114 405690 72113->72114 72421 40a5d0 72114->72421 72119 413610 72455 413580 72119->72455 72121 413623 72121->72012 72123 405c3b Concurrency::details::ContextBase::GetWorkQueueIdentity 72122->72123 72124 40a570 71 API calls 72123->72124 72125 405c44 72124->72125 72125->72020 72144 405370 72125->72144 72127 412861 72126->72127 72128 412877 72127->72128 72463 412fe0 RegCloseKey 72127->72463 72128->72028 72132 4127c9 72130->72132 72131 4127e3 72131->72026 72132->72131 72133 4127ee lstrlenW 
RegSetValueExW 72132->72133 72133->72131 72134->71967 72135->71975 72136->71963 72137->71987 72138->72046 72139->71997 72141 611460 InternetCloseHandle 72140->72141 72142 611477 72140->72142 72141->72142 72142->72001 72143->72015 72146 405382 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 72144->72146 72145 40538e 72145->72024 72146->72145 72147 413410 Concurrency::details::ContextBase::GetWorkQueueIdentity 71 API calls 72146->72147 72151 40545e 72147->72151 72148 40553a 72149 4134a0 Concurrency::details::ContextBase::GetWorkQueueIdentity 71 API calls 72148->72149 72149->72145 72151->72148 72464 412080 69 API calls 2 library calls 72151->72464 72465 412420 69 API calls 2 library calls 72151->72465 72153->72031 72154->72033 72155->72037 72156->72039 72157->72045 72158->72041 72159->72046 72160->72052 72162 4137e1 _DebugHeapAllocator 72161->72162 72165 413700 72162->72165 72164 4137ed _DebugHeapAllocator 72164->72056 72167 413720 _DebugHeapAllocator 72165->72167 72166 41373c _DebugHeapAllocator 72166->72164 72167->72166 72169 41376f _DebugHeapAllocator 72167->72169 72171 4136c0 71 API calls _DebugHeapAllocator 72167->72171 72172 4136d0 67 API calls _memcpy_s 72169->72172 72171->72169 72172->72166 72174 412e29 72173->72174 72175 412e1f 72173->72175 72185 412dd0 72174->72185 72197 4136a0 71 API calls _DebugHeapAllocator 72175->72197 72198 492062 72185->72198 72188 413410 72209 4133c0 72188->72209 72191 412df0 72214 491ee2 72191->72214 72194 4134a0 72238 413450 72194->72238 72196 412e72 72196->72060 72197->72174 72201 49200b 72198->72201 72202 49201b 72201->72202 72205 412de0 72201->72205 72207 497f0b 67 API calls __getptd_noexit 72202->72207 72204 492020 72208 491b77 6 API calls 2 library calls 72204->72208 72205->72188 72207->72204 72210 4133d1 _DebugHeapAllocator 72209->72210 72211 412e48 72210->72211 72213 413320 71 API calls 2 library calls 72210->72213 72211->72191 72213->72211 72217 491e57 72214->72217 72218 491e81 72217->72218 72219 

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 006690CB
                                                                                • Part of subcall function 00412F70: RegOpenKeyExW.KERNEL32(?,?,00000000,00000000,00000000), ref: 00412F9A
                                                                              • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00669150
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0066915C
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0066917B
                                                                              • GetLocalTime.KERNEL32(?,?,80000001,Software\Haihaisoft PDF Reader,00020019,7F608707,?,006B97BE,000000FF), ref: 00669188
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,006B97BE,000000FF), ref: 00669196
                                                                                • Part of subcall function 00412EB0: RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00412EEC
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0066939F
                                                                              • Sleep.KERNEL32(00002710,?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?), ref: 006694A1
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?,?,?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00669525
                                                                              • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0066952E
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00669537
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0066957A
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00669668
                                                                              • ShellExecuteW.SHELL32(?,open,http://www.haihaisoft.com/PDF_Reader_download.aspx,00000000,00000000,0000000A), ref: 006696BA
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 006696D2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeap$Time$Base::Concurrency::details::ContextIdentityIterator_baseIterator_base::_QueueWorkstd::_$ByteCharExecuteFileLocalMultiOpenQueryShellSleepSystemValueWide
                                                                              • String ID: %I64u$1.5.7.0$Can not open UpdateDate from project's dialog.$Software\Haihaisoft PDF Reader$Software\Haihaisoft PDF Reader$UpdateDate$UpdateDate$UpdateDate$http://www.drm-x.com/pdfversion.htm$http://www.haihaisoft.com/PDF_Reader_download.aspx$open
                                                                              • API String ID: 3841633957-535597481
                                                                              • Opcode ID: 019d2486918842a677116384a6a9a9cd6d724158fa684c96a8dc4aababb14f56
                                                                              • Instruction ID: c1f4c4bf165e0e58833d5fa4290060c735bcb6ec509717d17a85ac743f5f4265
                                                                              • Opcode Fuzzy Hash: 019d2486918842a677116384a6a9a9cd6d724158fa684c96a8dc4aababb14f56
                                                                              • Instruction Fuzzy Hash: 21126FB0D00218AADB15EB61CD56BEEB779AF14304F1041ADE506772D1EF782B88CF69

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • DefWindowProcW.USER32(00000233,?,?,?), ref: 0064288E
                                                                              • IsIconic.USER32(?), ref: 00642B74
                                                                              • DefWindowProcW.USER32(00000233,000000F6,?,?), ref: 00642BBC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: ProcWindow$Iconic
                                                                              • String ID: v
                                                                              • API String ID: 2406004095-1801730948
                                                                              • Opcode ID: 508c6db70f2ecd263fd117b232df33a1764dffd855a1df093b64fbd03d972313
                                                                              • Instruction ID: d36216e7015b10ab11e0a5f2e5005c7bc077f0d7fef9eaf51388dd760ca9451a
                                                                              • Opcode Fuzzy Hash: 508c6db70f2ecd263fd117b232df33a1764dffd855a1df093b64fbd03d972313
                                                                              • Instruction Fuzzy Hash: 76B190B590010AEBDB14DF99DD95DBF33BAEF88700F64892CB9069B281D634DA10DB61
                                                                              APIs
                                                                              • FindResourceW.KERNEL32(?,?,00000005,?,?,?,?,00414918,?,?), ref: 0047681F
                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,00414918,?,?), ref: 00476827
                                                                              • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,?,00414918,?,?), ref: 0047683E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoad
                                                                              • String ID:
                                                                              • API String ID: 934874419-0
                                                                              • Opcode ID: b7d5c37a8ada17fc81ce1c01d095b72e4a7114f8b0290601ddbbc1af0da8114e
                                                                              • Instruction ID: ece10d7617d8ae23ae925d86ebb430554743c5b3698a4fdf538ea2cbd8b66aee
                                                                              • Opcode Fuzzy Hash: b7d5c37a8ada17fc81ce1c01d095b72e4a7114f8b0290601ddbbc1af0da8114e
                                                                              • Instruction Fuzzy Hash: A5F01D72501A14BBD7146BAA9C8CEEBBBADFF58365B058016F908C3351C77898018BB5

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreatePen.GDI32(00000000,00000002,00000000), ref: 00644DA5
                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 00644DB4
                                                                              • CreatePen.GDI32(00000000,00000001,00A02000), ref: 00644DC6
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00644E0D
                                                                                • Part of subcall function 00415880: GetClientRect.USER32(?,?), ref: 00415899
                                                                              • FillRect.USER32(00000000,00000000,?), ref: 00644E43
                                                                              • SelectObject.GDI32(00000000,?), ref: 00644E54
                                                                              • SelectObject.GDI32(00000000,?), ref: 00644E62
                                                                                • Part of subcall function 00643F60: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00643F69
                                                                                • Part of subcall function 00643F60: SelectObject.GDI32(006442F1,00000000), ref: 00643FA1
                                                                                • Part of subcall function 00643F60: GetTextExtentPoint32W.GDI32(006442F1,00937DC0,00000000,?), ref: 00643FCA
                                                                                • Part of subcall function 00643F60: SelectObject.GDI32(006442F1,00000000), ref: 00643FEC
                                                                                • Part of subcall function 00643F60: GetTextExtentPoint32W.GDI32(006442F1,00937DEC,00000000), ref: 00644012
                                                                                • Part of subcall function 00643F60: GetTextExtentPoint32W.GDI32(006442F1,00937E00,00000000,?), ref: 0064403E
                                                                                • Part of subcall function 00643F60: SelectObject.GDI32(006442F1,?), ref: 00644075
                                                                              • _Smanip.LIBCPMTD ref: 00644E97
                                                                              • SelectObject.GDI32(00000000,?), ref: 00644EBF
                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00644ECB
                                                                              • SetTextColor.GDI32(00000000,00000000), ref: 00644ED7
                                                                              • FillRect.USER32(00000000,00000000,?), ref: 00644F0A
                                                                              • _Smanip.LIBCPMTD ref: 00644FC0
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00644FF4
                                                                              • GetTextExtentPoint32W.GDI32(00000000,?,00000000,?), ref: 00645023
                                                                              • DrawTextW.USER32(00000000,?,000000FF,00000000,?), ref: 00645097
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 006450AA
                                                                              • GetStockObject.GDI32(00000005), ref: 006450B2
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 006450BD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Select$Text$ExtentPoint32$CreateRect$FillSmanip$ClientColorDrawIterator_baseIterator_base::_ModeStockstd::_
                                                                              • String ID: ($2$<File,Open>$Frequently Read$MS Shell Dlg$MS Shell Dlg$Open a document...$h+d
                                                                              • API String ID: 2914221128-591920416
                                                                              • Opcode ID: 00c91d24f2a109596614ed75f9e2158dd43a2f6472dcb7bfc4db767679b180da
                                                                              • Instruction ID: b1515a250d353ee09ac4d73608add2d97cea9957ca96e55033614d5af69ab9fe
                                                                              • Opcode Fuzzy Hash: 00c91d24f2a109596614ed75f9e2158dd43a2f6472dcb7bfc4db767679b180da
                                                                              • Instruction Fuzzy Hash: E3621CB5A002189FCB14DFA8DC95FEEB7B9BF48304F14819DF50AA7291DA34AA41CF54

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00667201
                                                                              • _memset.LIBCMT ref: 00667230
                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00000800,00000000,00000000,?,00947044,%20), ref: 00667263
                                                                              • __snprintf.LIBCMT ref: 006672E1
                                                                              • __snprintf.LIBCMT ref: 00667316
                                                                              • __snprintf.LIBCMT ref: 0066734B
                                                                                • Part of subcall function 004922A9: __output_l.LIBCMT ref: 0049232B
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00667407
                                                                              • Concurrency::details::_Task_impl_base::_SetTaskCreationCallstack.LIBCPMTD ref: 006674D4
                                                                              • Concurrency::details::_Task_impl_base::_SetTaskCreationCallstack.LIBCPMTD ref: 006674DE
                                                                              • Concurrency::details::_Task_impl_base::_SetTaskCreationCallstack.LIBCPMTD ref: 006674E8
                                                                              • Concurrency::details::_Task_impl_base::_SetTaskCreationCallstack.LIBCPMTD ref: 006674F5
                                                                              • Concurrency::details::_Task_impl_base::_SetTaskCreationCallstack.LIBCPMTD ref: 00667502
                                                                              • Concurrency::details::WorkQueue::PushUnstructured.LIBCMTD ref: 0066750C
                                                                              • Concurrency::details::FairScheduleGroupSegment::AddToRunnablesCollection.LIBCMTD ref: 00667516
                                                                              • Concurrency::details::FairScheduleGroupSegment::AddToRunnablesCollection.LIBCMTD ref: 00667520
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CallstackConcurrency::details::_CreationTaskTask_impl_base::_$Concurrency::details::__snprintf$CollectionFairGroupRunnablesScheduleSegment::_memset$AllocatorByteCharDebugHeapMultiPushQueue::UnstructuredWideWork__output_l
                                                                              • String ID: %%%02x$%%%02x$%%%02x$%20$HDM$HDM$ftp$http$http=http://$https
                                                                              • API String ID: 1546753024-2766885421
                                                                              • Opcode ID: c67f225da275ff9a8be54d7069c25817da1ada7e757aaab1f9a2298c1245fb3f
                                                                              • Instruction ID: 7866a58c7d81386a7eab949e1db479cbae5b581b43cbb8798a3354ba4fc0a36d
                                                                              • Opcode Fuzzy Hash: c67f225da275ff9a8be54d7069c25817da1ada7e757aaab1f9a2298c1245fb3f
                                                                              • Instruction Fuzzy Hash: 07A17D70A04218ABDB14EF54CC52BEEB7B5FF44344F0484A9F5456B2C2DBB46A81CF98

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateMenu.USER32 ref: 00650CF6
                                                                              • CreateMenu.USER32 ref: 00650CFF
                                                                                • Part of subcall function 00637FA0: _calloc.LIBCMT ref: 00637FB6
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650D2C
                                                                              • CreateMenu.USER32 ref: 00650D32
                                                                                • Part of subcall function 00650450: AppendMenuW.USER32(00650BEF,00000800,00000000,00000000), ref: 006504E6
                                                                                • Part of subcall function 00650450: AppendMenuW.USER32(00650BEF,00000000,00650BEF,00000000), ref: 0065051E
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650D63
                                                                              • CreateMenu.USER32 ref: 00650D69
                                                                                • Part of subcall function 00650450: AppendMenuW.USER32(00650BEF,00000000,00650BEF,?), ref: 0065054B
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650D9A
                                                                              • CreateMenu.USER32 ref: 00650DA0
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650DD1
                                                                              • CreateMenu.USER32 ref: 00650DE8
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650E19
                                                                              • CreateMenu.USER32 ref: 00650E1F
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650E50
                                                                              • CreateMenu.USER32 ref: 00650E56
                                                                              • AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650E87
                                                                              • GetParent.USER32(00000233), ref: 00650E98
                                                                              • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00650E9F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Append$Create$CallbackDispatcherParentUser_calloc
                                                                              • String ID: &File$&Go To$&Help$&Settings$&View$&Zoom$F&avorites
                                                                              • API String ID: 785040586-323063042
                                                                              • Opcode ID: cbdf7b98731d8e50efbd2719ddf75489595ac8cf8fb9a9df82678b33a307bce2
                                                                              • Instruction ID: 4248887f642404868e77cf6c477b72ddc865b699f4d44adbf34ee48608b1c4be
                                                                              • Opcode Fuzzy Hash: cbdf7b98731d8e50efbd2719ddf75489595ac8cf8fb9a9df82678b33a307bce2
                                                                              • Instruction Fuzzy Hash: 345143B9D40208BFEB40EFA4EC4EEBE7779EB44705F144068F90596245E6719A40CBB1

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • _strlen.LIBCMT ref: 006127EB
                                                                                • Part of subcall function 00428870: _strlen.LIBCMT ref: 00428885
                                                                              • InternetCanonicalizeUrlA.WININET(?,00000000,?,02000000), ref: 00612971
                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 00612991
                                                                              • InternetCanonicalizeUrlA.WININET(?,00000000,?,02000000), ref: 00612A0C
                                                                              • _strcspn.LIBCMT ref: 00612C1F
                                                                              • _strlen.LIBCMT ref: 00612C36
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$CanonicalizeInternet$ErrorLast_strcspn
                                                                              • String ID: file$file://$ftp://$ftp://$http://$https://
                                                                              • API String ID: 4164098615-54636951
                                                                              • Opcode ID: f4fee8ecdcdfcdd9a856efc2bf8679a07a8ef101a9fb6c34cdec5ac43076ef92
                                                                              • Instruction ID: e63f6e51c3ad49a2ffe003bafab8b79626072e91afa4c2857f75f757496765b5
                                                                              • Opcode Fuzzy Hash: f4fee8ecdcdfcdd9a856efc2bf8679a07a8ef101a9fb6c34cdec5ac43076ef92
                                                                              • Instruction Fuzzy Hash: CFF171B0D00249DFDB04DF99C895BEEBBB2BF44308F18812DE505AB385E7389995CB95

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(009E488C,?,?,?,009E4870,009E4870,?,004810CB,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00480CA3
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,009E4870,009E4870,?,004810CB,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2), ref: 00480CF9
                                                                              • GlobalHandle.KERNEL32(00CD5A88), ref: 00480D02
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00480D0C
                                                                              • GlobalReAlloc.KERNEL32(00412BB2,00000000,00002002), ref: 00480D25
                                                                              • GlobalHandle.KERNEL32(00CD5A88), ref: 00480D37
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00480D3E
                                                                              • LeaveCriticalSection.KERNEL32(00412C18,?,?,?,009E4870,009E4870,?,004810CB,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00480D47
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00480D53
                                                                              • _memset.LIBCMT ref: 00480D6D
                                                                              • LeaveCriticalSection.KERNEL32(00412C18,?,00412BB2,00412C18,00412C18,00000000), ref: 00480D9B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                              • String ID:
                                                                              • API String ID: 496899490-0
                                                                              • Opcode ID: c5e7ad8dff429c6563fa7ffb4f1ff08028c27c6bf7ba9520e71a2a79e9bbb944
                                                                              • Instruction ID: 92269fc9e3a707415756562ee01b877c69b73c727aac48c55ab59943e61fe873
                                                                              • Opcode Fuzzy Hash: c5e7ad8dff429c6563fa7ffb4f1ff08028c27c6bf7ba9520e71a2a79e9bbb944
                                                                              • Instruction Fuzzy Hash: 3D318E71500704AFD724AFA5CC89E6ABBE9FF44305B00892EE486D7661DB38F949CB64

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • BeginPaint.USER32(00000076,?), ref: 0063FACB
                                                                              • SetBkMode.GDI32(?,00000001), ref: 0063FBAB
                                                                              • FillRect.USER32(?,?,?), ref: 0063FBBF
                                                                              • FillRect.USER32(?,?,?), ref: 0063FC5C
                                                                                • Part of subcall function 00644D70: CreatePen.GDI32(00000000,00000002,00000000), ref: 00644DA5
                                                                                • Part of subcall function 00644D70: CreatePen.GDI32(00000000,00000001,00000000), ref: 00644DB4
                                                                                • Part of subcall function 00644D70: CreatePen.GDI32(00000000,00000001,00A02000), ref: 00644DC6
                                                                                • Part of subcall function 00644D70: SelectObject.GDI32(00000000,00000000), ref: 00644E0D
                                                                                • Part of subcall function 00644D70: FillRect.USER32(00000000,00000000,?), ref: 00644E43
                                                                                • Part of subcall function 00644D70: SelectObject.GDI32(00000000,?), ref: 00644E54
                                                                                • Part of subcall function 00644D70: SelectObject.GDI32(00000000,?), ref: 00644E62
                                                                                • Part of subcall function 00644D70: _Smanip.LIBCPMTD ref: 00644E97
                                                                              • FillRect.USER32(?,?,?), ref: 0063FC73
                                                                              • EndPaint.USER32(00000076,?), ref: 0063FCB7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: FillRect$CreateObjectSelect$Paint$BeginModeSmanip
                                                                              • String ID: Error loading %s$MS Shell Dlg$h+d
                                                                              • API String ID: 1614165625-2233427300
                                                                              • Opcode ID: 6fa77673da6ffd20643327af0266937c571558d072448949933c42bf0a9ec48a
                                                                              • Instruction ID: bafbc72adf59c5fdd0d19cd5991c5236cde3d83172b4a81aaf3229476a9dbfb9
                                                                              • Opcode Fuzzy Hash: 6fa77673da6ffd20643327af0266937c571558d072448949933c42bf0a9ec48a
                                                                              • Instruction Fuzzy Hash: 065174B5910108EBCB48EF94DC95DFE77BAFF88304F44816DF4069B291DA34A946CBA4

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateWindowExW.USER32(00020000,SUMATRA_PDF_CANVAS,00000000,40300000,00000000,00000000,00000000,00000000,00010462,00000000,00400000,00000000), ref: 0063FDD7
                                                                              • codecvt.LIBCPMTD ref: 0063FE03
                                                                                • Part of subcall function 00620D60: MonitorFromRect.USER32(00000000,?), ref: 00620DA7
                                                                                • Part of subcall function 00620D60: GetMonitorInfoW.USER32(00000000), ref: 00620DAE
                                                                                • Part of subcall function 00620D60: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00620DC2
                                                                                • Part of subcall function 00620D60: GetSystemMetrics.USER32(00000004), ref: 00620E4B
                                                                              • ShowScrollBar.USER32(00000000,00000003,00000000), ref: 0063FE26
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650CF6
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650CFF
                                                                                • Part of subcall function 00650CF0: AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650D2C
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650D32
                                                                                • Part of subcall function 00650CF0: AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650D63
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650D69
                                                                                • Part of subcall function 00650CF0: AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650D9A
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650DA0
                                                                                • Part of subcall function 00650CF0: AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650DD1
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650DE8
                                                                                • Part of subcall function 00650CF0: AppendMenuW.USER32(?,00000010,?,00000000), ref: 00650E19
                                                                                • Part of subcall function 00650CF0: CreateMenu.USER32 ref: 00650E1F
                                                                              • ShowWindow.USER32(00000000,00000005), ref: 0063FE4A
                                                                              • UpdateWindow.USER32(00000000), ref: 0063FE57
                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,00000000,00000000,00400000,00000000), ref: 0063FE91
                                                                                • Part of subcall function 0063F9F0: CreateWindowExW.USER32(00000000,Spliter,009366A4,40000000,00000000,00000000,00000000,00000000,6A04C483,00000000,00400000,00000000), ref: 0063FA1D
                                                                                • Part of subcall function 0063F9F0: InvalidateRect.USER32(?,00000000,00000001,?,?), ref: 0063FA60
                                                                                • Part of subcall function 0063F9F0: UpdateWindow.USER32(?), ref: 0063FA70
                                                                                • Part of subcall function 0063F9F0: InvalidateRect.USER32(?,00000000,00000001,?,?), ref: 0063FA8F
                                                                                • Part of subcall function 0063F9F0: UpdateWindow.USER32(?), ref: 0063FA9F
                                                                                • Part of subcall function 00638100: SetClassLongW.USER32(FFDDABCF,000000F4,?), ref: 00638122
                                                                                • Part of subcall function 00638100: HideCaret.USER32(00000000), ref: 0063812A
                                                                              • DragAcceptFiles.SHELL32(00000000,00000001), ref: 0063FECD
                                                                                • Part of subcall function 0063D860: GetWindowLongW.USER32(00000233,000000EC), ref: 0063D877
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Create$Window$Append$RectUpdate$InfoInvalidateLongMonitorShowSystem$AcceptCaretClassDragFilesFromHideMetricsParametersScrollcodecvt
                                                                              • String ID: SUMATRA_PDF_CANVAS$tooltips_class32
                                                                              • API String ID: 1479564900-3751148558
                                                                              • Opcode ID: c0f6570052fe8730128a415fb953a2dc5503fe5e5af04a94e169c396d50b9fa5
                                                                              • Instruction ID: fe0e070b6dd25f94e84c21c76ce377745165447971cd23dbcf1dde1a57677a72
                                                                              • Opcode Fuzzy Hash: c0f6570052fe8730128a415fb953a2dc5503fe5e5af04a94e169c396d50b9fa5
                                                                              • Instruction Fuzzy Hash: DA61F5B5E04208AFDB18DF94EC85FAEB7B6FB48304F204529E905AB391D775A901CF94

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .exe$Install_Dir$Install_Dir$Software\Haihaisoft PDF Reader$Software\Haihaisoft PDF Reader
                                                                              • API String ID: 0-2964968855
                                                                              • Opcode ID: 71631835a14ab522c2af091f050298daa3054e6155ecd51f0b7d40bedf82bdcc
                                                                              • Instruction ID: aedaa6d1a62912552f600a41438e4e1c37bd0b4d5973e59fc448a5468d1c23f7
                                                                              • Opcode Fuzzy Hash: 71631835a14ab522c2af091f050298daa3054e6155ecd51f0b7d40bedf82bdcc
                                                                              • Instruction Fuzzy Hash: 4E51A170C08159AADB04EBA1FC66BEE7779AF25308F4001ADA41676183EF781B48DF59

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3_catch.LIBCMT ref: 00476403
                                                                              • GlobalLock.KERNEL32(?), ref: 004764E0
                                                                              • CreateDialogIndirectParamW.USER32(?,?,?,00475E36,00000000), ref: 0047650F
                                                                              • DestroyWindow.USER32(00000000), ref: 00476589
                                                                              • GlobalUnlock.KERNEL32(?), ref: 00476599
                                                                              • GlobalFree.KERNEL32(?), ref: 004765A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                                              • String ID:
                                                                              • API String ID: 3003189058-0
                                                                              • Opcode ID: b637cbe5b81748e73fa8bc25b45f04cb39f6d1df117c797dd2258867caebe2e8
                                                                              • Instruction ID: 27ae353ff8a987d7009c46998b2b6c95c382f64f5c41455cbd911701461670ed
                                                                              • Opcode Fuzzy Hash: b637cbe5b81748e73fa8bc25b45f04cb39f6d1df117c797dd2258867caebe2e8
                                                                              • Instruction Fuzzy Hash: 8F51B531900609EFCF14EFA4C8899FE7BB6AF44314F15442EF506A7291CB389E41DB69

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,00000000,00000000,00000000,00000003,02000000,00000000), ref: 0060C9C4
                                                                              • CreateFileW.KERNEL32(0062161D,00000000,00000000,00000000,00000003,02000000,00000000), ref: 0060C9E0
                                                                              • GetFileInformationByHandle.KERNEL32(000000FF,?), ref: 0060C9FD
                                                                              • GetFileInformationByHandle.KERNEL32(000000FF,?), ref: 0060CA0F
                                                                              • CloseHandle.KERNEL32(000000FF), ref: 0060CA58
                                                                              • CloseHandle.KERNEL32(?), ref: 0060CA62
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandle$CloseCreateInformation
                                                                              • String ID:
                                                                              • API String ID: 1240749428-0
                                                                              • Opcode ID: 71c210d324ba6e37c7d1730bd2f28abe40b336f0fe041f0a21cbe3fae61eeb96
                                                                              • Instruction ID: 2647f3e5aa775fc8df4631f500ec774e0a03c46753fb71c4a925084984292b6c
                                                                              • Opcode Fuzzy Hash: 71c210d324ba6e37c7d1730bd2f28abe40b336f0fe041f0a21cbe3fae61eeb96
                                                                              • Instruction Fuzzy Hash: 7E41B130A40248AADB14DBA0DC96FFFBB7AAF00314F508258E452762C1DF749A49DB64

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetFullPathNameW.KERNEL32(0060B4BC,00000000,00000000,00000000,?,0060B4BC,?), ref: 0060C780
                                                                              • _calloc.LIBCMT ref: 0060C79C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: FullNamePath_calloc
                                                                              • String ID:
                                                                              • API String ID: 2167540251-0
                                                                              • Opcode ID: 7489681e3abc9af1c37051a1a2342954441fbcc9022638c7ea3c9cea18969dad
                                                                              • Instruction ID: 13ff66cd4d6ec96eb709b978bf1abfd5f885358e4f04085e1fea075094a80d10
                                                                              • Opcode Fuzzy Hash: 7489681e3abc9af1c37051a1a2342954441fbcc9022638c7ea3c9cea18969dad
                                                                              • Instruction Fuzzy Hash: 97210875E80208FFDB04DBA8D849F9EBBB9AB48711F108598F515A7280D775AA40CF54

                                                                              Control-flow Graph
                                                                              [Control-flow graph beginning at block 471797 omitted; legend: Executed / Not Executed]
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: @$@$AfxFrameOrView90su$AfxMDIFrame90su
                                                                              • API String ID: 2102423945-1093365818
                                                                              • Opcode ID: 3a4aaa0e8221fe003d7101753d78b33a5e0207a4c1967542610fd3516d963728
                                                                              • Instruction ID: b1f300a231ae526e9e431edace2114bfc2dfc7a7d8374d9e294f8d00cad741f8
                                                                              • Opcode Fuzzy Hash: 3a4aaa0e8221fe003d7101753d78b33a5e0207a4c1967542610fd3516d963728
                                                                              • Instruction Fuzzy Hash: 729199B1C00208AADB50DFE9D485BDEBFF8AF05384F14C06AF94CE6151E7788A45C7A5

                                                                              Control-flow Graph
                                                                              [Control-flow graph beginning at block 60bcd0 omitted; legend: Executed / Not Executed]
                                                                              APIs
                                                                              • RegOpenKeyExW.KERNEL32(00000000,00020019,00000000,00020019,00000000,80000002), ref: 0060BCF6
                                                                              • RegQueryValueExW.ADVAPI32(80000002,00000000,00000000,00000000,00000000,?), ref: 0060BD17
                                                                              • _calloc.LIBCMT ref: 0060BD31
                                                                              • RegQueryValueExW.ADVAPI32(80000002,00000000,00000000,00000000,00000000,?), ref: 0060BD50
                                                                              • RegCloseKey.ADVAPI32(80000002), ref: 0060BD71
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: QueryValue$CloseOpen_calloc
                                                                              • String ID:
                                                                              • API String ID: 4018271504-0
                                                                              • Opcode ID: 251cb0fc433838c53bd7e68d1cb824f0d0e5b03a6460f1dbf4dcba7cfe70b99b
                                                                              • Instruction ID: 6351e1897714edebda5d7f1ab961564ec34aa65e48a1dddebeda952984e0398a
                                                                              • Opcode Fuzzy Hash: 251cb0fc433838c53bd7e68d1cb824f0d0e5b03a6460f1dbf4dcba7cfe70b99b
                                                                              • Instruction Fuzzy Hash: D03136B5E40208EBDF18CF94D94ABEFB7BAAF08305F109559E601672C0D3B49A44DBA1
                                                                              APIs
                                                                                • Part of subcall function 00611450: InternetCloseHandle.WININET(347402F0), ref: 00611467
                                                                              • InternetOpenA.WININET(00000001,00000003,00000000,-00000001,00000000), ref: 006116C6
                                                                              • InternetSetOptionW.WININET(00000000,00000046,00000001,00000004), ref: 006116F8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Internet$CloseHandleOpenOption
                                                                              • String ID: Internet Explorer
                                                                              • API String ID: 1650374455-1412615936
                                                                              • Opcode ID: 86551f3f54a142382c8edf93dbb4f858327c507565c3a797e39eeaa732bf27eb
                                                                              • Instruction ID: 6e8b2a715d0fb3f2953e13339134ed43d64361a05c9d29e3b7e5de06d5cd3d39
                                                                              • Opcode Fuzzy Hash: 86551f3f54a142382c8edf93dbb4f858327c507565c3a797e39eeaa732bf27eb
                                                                              • Instruction Fuzzy Hash: 40318F70A00208EBDB04DF98C854BFE77B6FB95305F18814DE6129B281CB759A85CB96
                                                                              APIs
                                                                                • Part of subcall function 00638070: SendMessageW.USER32(6A0E75D2,00000481,00000000,00000000), ref: 00638083
                                                                              • ShowScrollBar.USER32(0C4D8B00,00000003,00000000,00000000,00000000,0064070E), ref: 00639ED0
                                                                              • GetParent.USER32(00000233), ref: 00639EF1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageParentScrollSendShow
                                                                              • String ID: Haihaisoft PDF Reader
                                                                              • API String ID: 4112323094-763528247
                                                                              • Opcode ID: b532fd05107941d53d3b58850ec03a4046a8b52745dff330bd849dc01671c9c9
                                                                              • Instruction ID: 5191219a8f8e4fdfd7dbfe982d2f4915dd7d323eb1d2cd2f7f029a13d9672d97
                                                                              • Opcode Fuzzy Hash: b532fd05107941d53d3b58850ec03a4046a8b52745dff330bd849dc01671c9c9
                                                                              • Instruction Fuzzy Hash: 5611C470E00208EBCB08EBD1D845AADB776AF44309F1001ADF502AB351DA749E40DBE5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Iterator_baseIterator_base::_std::_
                                                                              • String ID: !
                                                                              • API String ID: 370429920-2657877971
                                                                              • Opcode ID: 679d296894391c241b5ebbd19e05a707544c15dc0bd3cbaa93e3231105de2c26
                                                                              • Instruction ID: 4d804ec4389cdc02b73b733837ac4e74fc93b22f64718605f156de7263befd9e
                                                                              • Opcode Fuzzy Hash: 679d296894391c241b5ebbd19e05a707544c15dc0bd3cbaa93e3231105de2c26
                                                                              • Instruction Fuzzy Hash: 4CB1ED74A00109EFDB08DF98C9A0AEDB7B2FF88304F148199E9165B391D775AE91CF44
                                                                              APIs
                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,7F608707,0000001A,00000001,7F608707), ref: 0062196D
                                                                                • Part of subcall function 0060B480: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0060B4AA
                                                                                • Part of subcall function 0048FF1E: __lock.LIBCMT ref: 0048FF3C
                                                                                • Part of subcall function 0048FF1E: ___sbh_find_block.LIBCMT ref: 0048FF47
                                                                                • Part of subcall function 0048FF1E: ___sbh_free_block.LIBCMT ref: 0048FF56
                                                                                • Part of subcall function 0048FF1E: HeapFree.KERNEL32(00000000,00000000,00961388,0000000C,00614CB6,00000000,-00000104), ref: 0048FF86
                                                                                • Part of subcall function 0048FF1E: GetLastError.KERNEL32 ref: 0048FF97
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorFileFolderFreeHeapLastModuleNamePathSpecial___sbh_find_block___sbh_free_block__lock
                                                                              • String ID: Haihaisoft PDF Reader
                                                                              • API String ID: 87397074-763528247
                                                                              • Opcode ID: 518112c5e73b91bee8a624b70e9969fe36e8f4801224214bb8cc6e95978939dd
                                                                              • Instruction ID: 07c12e8d07205352f336d38c62bdeecc79378feeb4f66e1935d661064716d150
                                                                              • Opcode Fuzzy Hash: 518112c5e73b91bee8a624b70e9969fe36e8f4801224214bb8cc6e95978939dd
                                                                              • Instruction Fuzzy Hash: DB41D270D1422AAADB14EBA1EC55BFFB3B4AF15314F40062DE816662C1EF38AA44CF55
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,006B97BE,000000FF), ref: 004127F2
                                                                              • RegSetValueExW.KERNEL32(?,00000000,00000000,?,00000000,00000002), ref: 00412811
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Valuelstrlen
                                                                              • String ID:
                                                                              • API String ID: 799288031-0
                                                                              • Opcode ID: 1d328c046885f092e164432db6f53f65b06ce0636b3ecd9f973edb1de0fd1407
                                                                              • Instruction ID: 1e87635bf6e980359b5549c055125714171c2569df9d7b290cc28b273003bbff
                                                                              • Opcode Fuzzy Hash: 1d328c046885f092e164432db6f53f65b06ce0636b3ecd9f973edb1de0fd1407
                                                                              • Instruction Fuzzy Hash: 55F04F75600109EFCB18DFA4D944FBF77B9AB44301F00C15EE915C7380E6749AA1CB60
                                                                              APIs
                                                                                • Part of subcall function 00481077: __EH_prolog3.LIBCMT ref: 0048107E
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00470830
                                                                              • SetWindowsHookExW.USER32(00000005,004705E1,00000000,00000000), ref: 00470840
                                                                                • Part of subcall function 0046BC18: __CxxThrowException@8.LIBCMT ref: 0046BC2E
                                                                                • Part of subcall function 0046BC18: __EH_prolog3.LIBCMT ref: 0046BC3B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Similarity
                                                                              • API ID: H_prolog3$CurrentException@8HookThreadThrowWindows
                                                                              • String ID:
                                                                              • API String ID: 1415497866-0
                                                                              APIs
                                                                              • LoadIconW.USER32(?,004718A9), ref: 00471777
                                                                              • LoadIconW.USER32(00000000,00007F00), ref: 00471786
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: IconLoad
                                                                              • String ID:
                                                                              • API String ID: 2457776203-0
                                                                              APIs
                                                                              • RegCreateKeyExW.KERNEL32(00000000,0002001F,00000000,00000000,0002001F,00000000,?,00000000,0002001F,00000000,0002001F,00000000), ref: 00412852
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 0048107E
                                                                                • Part of subcall function 0046BC18: __CxxThrowException@8.LIBCMT ref: 0046BC2E
                                                                                • Part of subcall function 0046BC18: __EH_prolog3.LIBCMT ref: 0046BC3B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                              • String ID:
                                                                              • API String ID: 2489616738-0
                                                                              APIs
                                                                              • RegOpenKeyExW.KERNEL32(?,?,00000000,00000000,00000000), ref: 00412F9A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0060B4AA
                                                                                • Part of subcall function 0060C770: GetFullPathNameW.KERNEL32(0060B4BC,00000000,00000000,00000000,?,0060B4BC,?), ref: 0060C780
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Name$FileFullModulePath
                                                                              • String ID:
                                                                              • API String ID: 1235081036-0
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 0046B942
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocateHeap_malloc
                                                                              • String ID:
                                                                              • API String ID: 501242067-0
                                                                              APIs
                                                                              • LockResource.KERNEL32(?,?,?,0047683B,00000000,?,?,?,?,?,?,00414918,?,?), ref: 004767BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: LockResource
                                                                              • String ID:
                                                                              • API String ID: 1236514755-0
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00000080,?,?), ref: 0041566B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              APIs
                                                                              • SetWindowRgn.USER32(?,?,?), ref: 00421AE6
                                                                              Similarity
                                                                              • API ID: Window
                                                                              • String ID:
                                                                              • API String ID: 2353593579-0
                                                                              APIs
                                                                              • SendMessageW.USER32(6A0E75D2,00000481,00000000,00000000), ref: 00638083
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL(?), ref: 0041498E
                                                                              Similarity
                                                                              • API ID: CallbackDispatcherUser
                                                                              • String ID:
                                                                              • API String ID: 2492992576-0
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000000C,00000000,?), ref: 00413C2F
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DBGHELP.DLL$MiniDumpWriteDump$StackWalk64$SymCleanup$SymFromAddr$SymFunctionTableAccess64$SymGetLineFromAddr64$SymGetModuleBase64$SymGetOptions$SymGetSearchPathW$SymInitialize$SymInitializeW$SymRefreshModuleList$SymSetOptions$SymSetSearchPath$SymSetSearchPathW
                                                                              • API String ID: 0-3872630309
                                                                              APIs
                                                                              • _wcspbrk.LIBCMT ref: 004966E5
                                                                                • Part of subcall function 00497F1E: __getptd_noexit.LIBCMT ref: 00497F1E
                                                                                • Part of subcall function 00497F0B: __getptd_noexit.LIBCMT ref: 00497F0B
                                                                                • Part of subcall function 00491B77: __decode_pointer.LIBCMT ref: 00491B82
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __getptd_noexit$__decode_pointer_wcspbrk
                                                                              • String ID: ./\
                                                                              • API String ID: 2357261805-3176372042
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcscpy
                                                                              • String ID: $ %s$ %s$%s%s $T${
                                                                              • API String ID: 3048848545-3735262708
                                                                              APIs
                                                                                • Part of subcall function 00541660: GetVersionExW.KERNEL32(00000114), ref: 0054168D
                                                                              • _wcscpy.LIBCMT ref: 0054A92C
                                                                                • Part of subcall function 0058EA60: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,00000000,?,0058D35C,00000000,?,01000000), ref: 0058EA84
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0054A962
                                                                              • GetLastError.KERNEL32 ref: 0054A971
                                                                              • FindNextFileW.KERNEL32(000000FF,?), ref: 0054A9CA
                                                                              • GetLastError.KERNEL32 ref: 0054A9DB
                                                                              • _wcscpy.LIBCMT ref: 0054AA0D
                                                                              • _wcscpy.LIBCMT ref: 0054AA2E
                                                                              • _wcscpy.LIBCMT ref: 0054AA9B
                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0054ABA0
                                                                              • GetLastError.KERNEL32 ref: 0054ABAF
                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0054ABFF
                                                                              • GetLastError.KERNEL32 ref: 0054AC10
                                                                              Similarity
                                                                              • API ID: ErrorFileFindLast_wcscpy$FirstNext$ByteCharMultiVersionWide
                                                                              • String ID:
                                                                              • API String ID: 1335110109-0
                                                                              • Opcode ID: 87756e77efb3e4cec994fd827c88e9a14f6397951f56a2d2feeb37c203bc51bb
                                                                              • Instruction ID: 10182708759508aec72c554e726b49379fb0b41ab63f45134ddbd38a42c1effc
                                                                              • Opcode Fuzzy Hash: 87756e77efb3e4cec994fd827c88e9a14f6397951f56a2d2feeb37c203bc51bb
                                                                              • Instruction Fuzzy Hash: 44D182B59002199FDB64DF14DD85BEA77B5BF89304F0482A9F80DAB281DB309D85CF62
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 00606633
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              • CreateFileW.KERNEL32(TLc,80000000,00000001,00000000,00000003,00000080,00000000), ref: 006066B3
                                                                              Strings
                                                                              • TLc, xrefs: 006066AF, 006066B2
                                                                              • (, xrefs: 006069F2
                                                                              • ::DataSpace/Storage/MSCompressed/Content, xrefs: 00606980
                                                                              • ::DataSpace/Storage/MSCompressed/ControlData, xrefs: 006069AE
                                                                              • ::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable, xrefs: 0060694C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocateCreateFileHeap_malloc
                                                                              • String ID: ($::DataSpace/Storage/MSCompressed/Content$::DataSpace/Storage/MSCompressed/ControlData$::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable$TLc
                                                                              • API String ID: 1327443360-3190796988
                                                                              • Opcode ID: 0410ea2c4a4f4b9cfac1d56b9537af1712bec2e00d4938f988b4e2f5bd8e1e84
                                                                              • Instruction ID: 94b8e361f4d08275fdaf52177a8de67edf7a889c9736c2890d485488d59d9231
                                                                              • Opcode Fuzzy Hash: 0410ea2c4a4f4b9cfac1d56b9537af1712bec2e00d4938f988b4e2f5bd8e1e84
                                                                              • Instruction Fuzzy Hash: 7002FAB49412198BDB28DF14CC94FDAB3B6BB49304F1481E9E90DA7381D731AE85CF94
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000020,7F608707,?,005495B0,7F608707,00000000,7F608707,?,005F9416), ref: 00548A73
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,005495B0,7F608707,00000000,7F608707,?,005F9416), ref: 00548A7A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Process$CurrentOpenToken
                                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                              • API String ID: 2256020841-639343689
                                                                              • Opcode ID: 043bfabe9e4abdf0510c9bb234a5f5fc59be3c039806e434b8aed76e57c2cb79
                                                                              • Instruction ID: e58765e551f3ec34e92e5d28cedc6c95365fc68f8c0461e614abefc310f88666
                                                                              • Opcode Fuzzy Hash: 043bfabe9e4abdf0510c9bb234a5f5fc59be3c039806e434b8aed76e57c2cb79
                                                                              • Instruction Fuzzy Hash: C3115870744305AAEB10DBA19D4EFFE7BB9FB44B05F144059EA01EA1C0DBB4AA04CB72
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000), ref: 0069355E
                                                                              • InternetOpenW.WININET(BaseHTTP,00000000,00000000,00000000,00000000), ref: 0069358E
                                                                              • CloseHandle.KERNEL32(000000FF), ref: 00693666
                                                                              • InternetCloseHandle.WININET(00000000), ref: 00693670
                                                                              • InternetCloseHandle.WININET(00000000), ref: 0069367D
                                                                                • Part of subcall function 0060AEC0: GetLastError.KERNEL32 ref: 0060AED1
                                                                                • Part of subcall function 0060AEC0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,00000000,00000000,00000000), ref: 0060AEF2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseHandleInternet$CreateErrorFileFormatLastMessageOpen
                                                                              • String ID: BaseHTTP
                                                                              • API String ID: 1340095259-2140595680
                                                                              • Opcode ID: 98d00f627fba3d53f0a52eafc2446cc09b385d4802fb8543d33f566150945336
                                                                              • Instruction ID: 67fde4f8b88522e082b1894158fc2763b84ab4686a91795da1a6fb496aac6523
                                                                              • Opcode Fuzzy Hash: 98d00f627fba3d53f0a52eafc2446cc09b385d4802fb8543d33f566150945336
                                                                              • Instruction Fuzzy Hash: 644180B0E4021CBBDF20DBA0CC49FED77BAAB08704F1080A9F605A63C1D6745B858F69
                                                                              APIs
                                                                              • Concurrency::SchedulerPolicy::SchedulerPolicy.LIBCMTD ref: 00644ADE
                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,?,00000000,7F608707), ref: 00644AF7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Scheduler$Concurrency::FileFindFirstPolicyPolicy::
                                                                              • String ID: *.png$hpreaderfcache
                                                                              • API String ID: 101837257-2758899433
                                                                              • Opcode ID: 9f9dd5cc618241ab86ff92997c78bc6a2caa7eaa6f38b2af2132ea8fea8a5223
                                                                              • Instruction ID: d9da11e23f8ea0645f2278852f467a190a3c79592416694d4386e7837b618d50
                                                                              • Opcode Fuzzy Hash: 9f9dd5cc618241ab86ff92997c78bc6a2caa7eaa6f38b2af2132ea8fea8a5223
                                                                              • Instruction Fuzzy Hash: 49816E70D012188BDB14EB61DC9ABEEB374EF50308F5042AEE01A67292EF346E85CF55
                                                                              APIs
                                                                              • OpenClipboard.USER32(00000000), ref: 0060B1BD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ClipboardOpen
                                                                              • String ID:
                                                                              • API String ID: 2793039342-0
                                                                              • Opcode ID: 74c982f0c903a6b8122e0652eedd4860432dc86e67e846e9b9ff580bee3a4641
                                                                              • Instruction ID: 800567f02a4b138ee206fd16b66f012a3a7d2b301dab76e43bd53c78dcef4959
                                                                              • Opcode Fuzzy Hash: 74c982f0c903a6b8122e0652eedd4860432dc86e67e846e9b9ff580bee3a4641
                                                                              • Instruction Fuzzy Hash: 3E115E74A40208EBDB089FB0D84DBFF7BBAAB48705F00D498E90587281D7348B41DB71
                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32 ref: 0049A4C8
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0049A4DD
                                                                              • UnhandledExceptionFilter.KERNEL32(006CF058), ref: 0049A4E8
                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 0049A504
                                                                              • TerminateProcess.KERNEL32(00000000), ref: 0049A50B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 2579439406-0
                                                                              • Opcode ID: 3034716655993d401800c9ce3f8bf009e05c75dbe8765ef3ab12c5f6ce4faceb
                                                                              • Instruction ID: 7ab851d3f4ba2062a08df110f380a352bee963642422209e57bbb671f831797f
                                                                              • Opcode Fuzzy Hash: 3034716655993d401800c9ce3f8bf009e05c75dbe8765ef3ab12c5f6ce4faceb
                                                                              • Instruction Fuzzy Hash: 6F21EFB442CA84AFD740DF28FC88B143BA0BB48309F52501AE6088B371E7B49D85EF59
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,?,?,?,006208F7,?,0089FF3C,000000FF), ref: 006207DA
                                                                              • GetCurrentProcessId.KERNEL32(00000004,00000000), ref: 006207F1
                                                                              • Thread32First.KERNEL32(000000FF,0000001C), ref: 00620802
                                                                              • Thread32Next.KERNEL32(000000FF,0000001C), ref: 00620830
                                                                              • CloseHandle.KERNEL32(000000FF), ref: 0062083E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Thread32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                              • String ID:
                                                                              • API String ID: 2798307357-0
                                                                              • Opcode ID: 28d548dc41ec58f859874dce2fdf835310047ff88929d44fc2d1d21b7a4943ee
                                                                              • Instruction ID: 53bb79db2bb6a5d77d149f2194eca2aba05b57879232f1055acac4606239340b
                                                                              • Opcode Fuzzy Hash: 28d548dc41ec58f859874dce2fdf835310047ff88929d44fc2d1d21b7a4943ee
                                                                              • Instruction Fuzzy Hash: 76012971D01218EBDF10EBE4D945AEEB7BAAF4C314F204659E505B7281D739AE01CBB4
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: T7^$T7^
                                                                              • API String ID: 2102423945-2358982311
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 1
                                                                              • API String ID: 0-2212294583
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: gZ`$gZ`$gZ`
                                                                              • API String ID: 0-2283394595
                                                                              APIs
                                                                              • GetLocaleInfoA.KERNEL32(00000400,0000005A,00000000,0000001F), ref: 0061F62F
                                                                              • GetLocaleInfoA.KERNEL32(00000400,00000059,00000000,0000001F), ref: 0061F664
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID: Lang: %s %s
                                                                              • API String ID: 2299586839-2912328862
                                                                              APIs
                                                                                • Part of subcall function 0046B924: _malloc.LIBCMT ref: 0046B942
                                                                              • codecvt.LIBCPMTD ref: 00544C65
                                                                                • Part of subcall function 0043F1C0: _realloc.LIBCMT ref: 0043F22B
                                                                              • _memset.LIBCMT ref: 00544FAA
                                                                                • Part of subcall function 0043A3B0: _malloc.LIBCMT ref: 0043A3BB
                                                                              • _memset.LIBCMT ref: 005452A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _malloc_memset$_realloccodecvt
                                                                              • String ID:
                                                                              • API String ID: 2798019432-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              APIs
                                                                                • Part of subcall function 004139D0: __wcsdup.LIBCMT ref: 004139D7
                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,?,?,7F608707), ref: 0062F284
                                                                              • FindNextFileW.KERNEL32(000000FF,?,?,?,7F608707), ref: 0062F313
                                                                              • FindClose.KERNEL32(000000FF,?,?,7F608707), ref: 0062F321
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstNext__wcsdup
                                                                              • String ID:
                                                                              • API String ID: 3073557508-0
                                                                              APIs
                                                                                • Part of subcall function 00587BF0: _wcsncpy.LIBCMT ref: 00587C17
                                                                              • CreateFileW.KERNEL32(?,00000003,00000003,00000000,00000003,0A000000,00000000), ref: 00549AD5
                                                                              • DeviceIoControl.KERNEL32(000000FF,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 00549B0F
                                                                              • CloseHandle.KERNEL32(000000FF), ref: 00549B1F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseControlCreateDeviceFileHandle_wcsncpy
                                                                              • String ID:
                                                                              • API String ID: 4129993258-0
                                                                              APIs
                                                                              • GetLastError.KERNEL32 ref: 0060AED1
                                                                              • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,00000000,00000000,00000000), ref: 0060AEF2
                                                                              • LocalFree.KERNEL32(00000000), ref: 0060AF04
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                              • String ID:
                                                                              • API String ID: 1365068426-0
                                                                              • Opcode ID: 5e01e3131a383ea4b3ad2d3d2a02276f49d6541d70689fabab5929d46bf59e2c
                                                                              • Instruction ID: 2593cdd8610d011fa83b21137498465bf9c26f8aad63505b8acc702e2edb5f2a
                                                                              • Opcode Fuzzy Hash: 5e01e3131a383ea4b3ad2d3d2a02276f49d6541d70689fabab5929d46bf59e2c
                                                                              • Instruction Fuzzy Hash: D7F01CB4544308FFEB14CF90DD4AFAA77BAEB04781F208054FA055A2C0C7B05A40DBA6
                                                                              APIs
                                                                                • Part of subcall function 004196D0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00419712
                                                                                • Part of subcall function 0061AD60: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0061AE25
                                                                              • IsZoomed.USER32(?), ref: 00640D04
                                                                              • IsIconic.USER32(?), ref: 00640D21
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Iterator_baseIterator_base::_std::_$IconicZoomed
                                                                              • String ID:
                                                                              • API String ID: 3328257340-0
                                                                              • Opcode ID: 0baf927dd0f6bc821f5f36c63888b07b22d13625ad7d2da8d19bea90c0bc8fbd
                                                                              • Instruction ID: 94e409d7bf329e28b5281330741fb30b84691e96494f8a2d2fd56394d8948777
                                                                              • Opcode Fuzzy Hash: 0baf927dd0f6bc821f5f36c63888b07b22d13625ad7d2da8d19bea90c0bc8fbd
                                                                              • Instruction Fuzzy Hash: 8181F570904218DBDB14DFA5DC51BEEBBBAAF44304F14815DF559AB3C2DB38AA04CBA0
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 00619645
                                                                                • Part of subcall function 00493B45: __calloc_impl.LIBCMT ref: 00493B5A
                                                                              • GetLocaleInfoW.KERNEL32(00000400,0000000D,00619953,00000002), ref: 00619663
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: InfoLocale__calloc_impl_calloc
                                                                              • String ID:
                                                                              • API String ID: 2792801570-0
                                                                              • Opcode ID: 30b9f8423c34adc15d40e8e6f9338e4bb3a885c564974577a6422ceaded7818e
                                                                              • Instruction ID: 516d56270d9cbaa12e95f9edc6596d93ca728ebfbdce2019e21f0647f84c382f
                                                                              • Opcode Fuzzy Hash: 30b9f8423c34adc15d40e8e6f9338e4bb3a885c564974577a6422ceaded7818e
                                                                              • Instruction Fuzzy Hash: FD714F38E10118DFCB04EFA8E990AEDB7B2FF8A304F148199E5456B351DB71AD85CB51
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0046F1AA
                                                                              • GetVersionExW.KERNEL32(?), ref: 0046F1C3
                                                                                • Part of subcall function 0046BC18: __CxxThrowException@8.LIBCMT ref: 0046BC2E
                                                                                • Part of subcall function 0046BC18: __EH_prolog3.LIBCMT ref: 0046BC3B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Exception@8H_prolog3ThrowVersion_memset
                                                                              • String ID:
                                                                              • API String ID: 3528868769-0
                                                                              • Opcode ID: bd1135996f7c610478023235bc8f2c018070b3cafb3ec175c49d93a9285160ad
                                                                              • Instruction ID: 15d553ff75500fef3d23caf64b58adf22ea532a31b4b37de44db721f7094a6f5
                                                                              • Opcode Fuzzy Hash: bd1135996f7c610478023235bc8f2c018070b3cafb3ec175c49d93a9285160ad
                                                                              • Instruction Fuzzy Hash: E60192309002099BDB64EF65D846BDA73E4AB05348F4040AAD658D7291EF389E88CB9A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 368e7140fe172c93f9d003af3de29d71e57e3d441dab282ff7339b1aaa355aea
                                                                              • Instruction ID: eca107f7e3f1fb957fcc5e521b1ff8e7bc73f8756aa54386855e0665bd368529
                                                                              • Opcode Fuzzy Hash: 368e7140fe172c93f9d003af3de29d71e57e3d441dab282ff7339b1aaa355aea
                                                                              • Instruction Fuzzy Hash: 5EC27878A00109EFCB18CF58D694AADBBB2FF88314F258598D8055B356C735EE82DF91
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _malloc
                                                                              • String ID:
                                                                              • API String ID: 1579825452-0
                                                                              • Opcode ID: cf7643c5b31861f561073cf2755b7f1fced13e597a456b60f8c7cef45eccd070
                                                                              • Instruction ID: 56189199a24d7892ba9616613c66b2bb4870c8d48c7ac7de959775eafccde82e
                                                                              • Opcode Fuzzy Hash: cf7643c5b31861f561073cf2755b7f1fced13e597a456b60f8c7cef45eccd070
                                                                              • Instruction Fuzzy Hash: BCC12D71E0810DEFDB04DFA8D991ABEBBB6BF8C300F248518EA15A7245D735AE41CB50
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              • Opcode ID: 3f24fa349a7d8d507c6f35bc438d091c0c4cb3099ac6439da486e09035dbe4e8
                                                                              • Instruction ID: a9149c6f2daf2c924f438abc53f2af0959bb801f83ddad840e6251b72e8511ed
                                                                              • Opcode Fuzzy Hash: 3f24fa349a7d8d507c6f35bc438d091c0c4cb3099ac6439da486e09035dbe4e8
                                                                              • Instruction Fuzzy Hash: 7ED10E7490526A8FEB24DB14DC55BE9BB71BF86308F1085DAD8097B281CB719E85CF90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              • Opcode ID: 9de53110f0fe847f86a63f1d2ea68fc9ecb4ac80c63dfb3a6c15d19fe04c55cd
                                                                              • Instruction ID: f35c26a1fd917e016ec228ce998894737756c509608c7a8c24bca305f527aff7
                                                                              • Opcode Fuzzy Hash: 9de53110f0fe847f86a63f1d2ea68fc9ecb4ac80c63dfb3a6c15d19fe04c55cd
                                                                              • Instruction Fuzzy Hash: 36E10871D10549EFEB08DF9CD890AADBBB2FF89300F1981ADD502A7755C634AB51DB80
                                                                              APIs
                                                                              • CoCreateInstance.OLE32(00936404,00000000,00000017,006D1A84,00000000,?,?,00650C6B,00000000), ref: 0063A1CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateInstance
                                                                              • String ID:
                                                                              • API String ID: 542301482-0
                                                                              • Opcode ID: 352bdd6a87269c244dcd9a3e09b749b6b719124151078aee5c66a37327df25a3
                                                                              • Instruction ID: 9142db9da63834cdb32afef983013276cfcf12380897923e79dbf3eb27400ff6
                                                                              • Opcode Fuzzy Hash: 352bdd6a87269c244dcd9a3e09b749b6b719124151078aee5c66a37327df25a3
                                                                              • Instruction Fuzzy Hash: DFF0E234E04208FBDF04EBA0DC47BFDBB7A9F41304F0040A9F84567282EAB45B49E6A5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              • Opcode ID: 054cba742382b44eff821199a0592fe923459d20860d4218fac665e1d67eb566
                                                                              • Instruction ID: fd2af69079d5e790b4dd510a5738f394d8f77e809c4018fbcde8eaba4145660b
                                                                              • Opcode Fuzzy Hash: 054cba742382b44eff821199a0592fe923459d20860d4218fac665e1d67eb566
                                                                              • Instruction Fuzzy Hash: AFD1E671D1414AEFEB04DF98D891AADBBB2FF88300F1981AED502A7755C634AB51DF40
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Iconic
                                                                              • String ID:
                                                                              • API String ID: 110040809-0
                                                                              • Opcode ID: 6028c9fedb49a98c7248ba710fafe4a2cdf2c86c3fe2670da0bcdba91f5bdfe8
                                                                              • Instruction ID: 06b977e6e4b70ae7c8ed86147022f5c00316c2c9d209111e2f2d4f7ef8d2256e
                                                                              • Opcode Fuzzy Hash: 6028c9fedb49a98c7248ba710fafe4a2cdf2c86c3fe2670da0bcdba91f5bdfe8
                                                                              • Instruction Fuzzy Hash: 27C08CB091920CEB8708CF88EA04C29BBFCEB0C300B0002CCFC0C83300CA32EE108AA4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              • Opcode ID: a620abb7a0d9ef9e0f7d86e4c4c9ae6037c228680175203b1dfc03610a49f50a
                                                                              • Instruction ID: 94aad1ad4f2f95627c37620f9810bb468721d7b83b39e78b3358214105ce847d
                                                                              • Opcode Fuzzy Hash: a620abb7a0d9ef9e0f7d86e4c4c9ae6037c228680175203b1dfc03610a49f50a
                                                                              • Instruction Fuzzy Hash: 0661B974D0421A8BDB08CF98C594AEDFBF2FF8C310F148669D555AB346C6346981DFA0
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b0feb7767c0b0846c4d62571fa7ee5a0bfd7152f14f3eccb1ab4c6d15a79d29b
                                                                              • Instruction ID: 0a82d35cf54dd5a625920b013c4d7823d2f00bd5716f4652b4212365beb17c58
                                                                              • Opcode Fuzzy Hash: b0feb7767c0b0846c4d62571fa7ee5a0bfd7152f14f3eccb1ab4c6d15a79d29b
                                                                              • Instruction Fuzzy Hash: D2A2B274E00219CFDB18DF98C894AADBBB2FF88304F248559E815AB395D735AD42CF94
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 41bd4ca659c2c92d3730d1e1988248fd6a3879b4bcb05b1300f0ab2426cd5479
                                                                              • Instruction ID: 95909592b5ee9bea70d19ee5a204bae4ef285a28b50f9c30cc842b1db1a629c2
                                                                              • Opcode Fuzzy Hash: 41bd4ca659c2c92d3730d1e1988248fd6a3879b4bcb05b1300f0ab2426cd5479
                                                                              • Instruction Fuzzy Hash: 61127D70604B008FE329CF25C4E06A6BBF1FB84311F60892DD5AB87A56D774F589CBA1
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4b1fb74f8127ac3062df81a20d8122b4595c2638affefd73a3a0a37d1d6d3531
                                                                              • Instruction ID: c8b73e97c844bca86a49fe6aad76f797ba1783b64e61c294576aa17b4d1aed11
                                                                              • Opcode Fuzzy Hash: 4b1fb74f8127ac3062df81a20d8122b4595c2638affefd73a3a0a37d1d6d3531
                                                                              • Instruction Fuzzy Hash: B302E4B0D0411ADFDF08CF98C491AAEBFB2FF88304F24859DD516AB345D635AA41DBA4
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fd4efca7490bc894d47ba628b81bec1b64ef1c7654222a83d659a9896abb9e64
                                                                              • Instruction ID: b566743062d64760c24d873a78f766e525a3631de2e758d7dd6c45dc0fec2853
                                                                              • Opcode Fuzzy Hash: fd4efca7490bc894d47ba628b81bec1b64ef1c7654222a83d659a9896abb9e64
                                                                              • Instruction Fuzzy Hash: 06F16C75A042018FD718CF15C0C069ABBE2FB98318F7486ADD9885B312C336ED97DBA1
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 419390bc3209870ce41bf85e63a86302fa2a958127fb91a034af3f326b8f986c
                                                                              • Instruction ID: d58b449469101323b2f6d5891405cc2538094767fa2be62bbf01a24186fe38d9
                                                                              • Opcode Fuzzy Hash: 419390bc3209870ce41bf85e63a86302fa2a958127fb91a034af3f326b8f986c
                                                                              • Instruction Fuzzy Hash: 6812F0B491D2EC8BCB278F2998A03E9BFB96B5B200F1851D5D8D967342C1315F85DF60
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b7aa293b6b91dc25c25319ff02c81a70effe8579974607eec0d511d2c7616095
                                                                              • Instruction ID: 7669baf2ee3c8b56ca8bf30e22333e1f2bf35f0253cbc702329cf47e021cc969
                                                                              • Opcode Fuzzy Hash: b7aa293b6b91dc25c25319ff02c81a70effe8579974607eec0d511d2c7616095
                                                                              • Instruction Fuzzy Hash: 7EE17B30E04259DFCF04CFE8D494AECBFB2BF89309F288599E951A7285C630AA45DF50
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a02c0be9bf4f288459ddf67beb96f083b5cb4129081a122b4294937939620082
                                                                              • Instruction ID: 271bfc8cc9073d9714ea994533a262d627c8c64be34aa7d2345486ca4365ecab
                                                                              • Opcode Fuzzy Hash: a02c0be9bf4f288459ddf67beb96f083b5cb4129081a122b4294937939620082
                                                                              • Instruction Fuzzy Hash: 6071C974E011099FDB08CF98D594AEDFBF2FF88304F2481A9E855AB352CA35A942DF50
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 77bb53bef3a4ec1b8623e08d1c4b9dab05e9a90510da05f79b8e95ec5fa0b846
                                                                              • Instruction ID: 0df953c2029d97a7ea00b433f92be7b93601f5ce71bdf6d176776e0fae2b04a1
                                                                              • Opcode Fuzzy Hash: 77bb53bef3a4ec1b8623e08d1c4b9dab05e9a90510da05f79b8e95ec5fa0b846
                                                                              • Instruction Fuzzy Hash: 52611871514189AFDB44EF29C8A0AA93BA2FF89355F14C22EFD298F245C235E750DF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 67fbed7778e10ab5d256d06ab8bc2d2abee0d25132cb30919f22ae794233a4b2
                                                                              • Instruction ID: d2be5b4bd83b3a7e1744c8d4bd800d54403560b2331afcc6eb035a4e9e4b36ab
                                                                              • Opcode Fuzzy Hash: 67fbed7778e10ab5d256d06ab8bc2d2abee0d25132cb30919f22ae794233a4b2
                                                                              • Instruction Fuzzy Hash: F851E170924298AFCB44DF19D8A09ED7FB1FF89391F24C15AE9494B244C334EBA1DB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                              • Instruction ID: 1eed1fee2c9c372038dd35d5eaf376df4dbc48bf8bc606a95ade31cb5846350f
                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                              • Instruction Fuzzy Hash: B6115BB724498647DE1A8A3DD4F8AB7AF95EBC5320B3C437BD0424F748D12AF9459708
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 46f346d183280e6c483a97b4be4d8d4d708bf9113e37b5c2ef151fdac3d02ccf
                                                                              • Instruction ID: b83f53f4337145fc87c73b4c7f36cdbeb9dfc8a977dc2978e27717876cd01338
                                                                              • Opcode Fuzzy Hash: 46f346d183280e6c483a97b4be4d8d4d708bf9113e37b5c2ef151fdac3d02ccf
                                                                              • Instruction Fuzzy Hash: C81152B2D047099FDB14CF59D84179AFBB4FB89724F10826BE419A3780D7356504CB94
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: operator+$NameName::$Decorator::getName::operator+$ThisType$Name::operator|=Scope
                                                                              • String ID: %J
                                                                              • API String ID: 398566123-1216333649
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(NTDLL.DLL,0062038A,00000000,009F7E28,00000200,00000000,00000000,?,0062038A), ref: 0061E9E4
                                                                              • FormatMessageA.KERNEL32(00000A00,00000000,?,0062038A), ref: 0061E9F0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FormatHandleMessageModule
                                                                              • String ID: ACCESS_VIOLATION$ARRAY_BOUNDS_EXCEEDED$BREAKPOINT$DATATYPE_MISALIGNMENT$FLT_DENORMAL_OPERAND$FLT_DIVIDE_BY_ZERO$FLT_INEXACT_RESULT$FLT_INVALID_OPERATION$FLT_OVERFLOW$FLT_STACK_CHECK$FLT_UNDERFLOW$GUARD_PAGE$ILLEGAL_INSTRUCTION$INT_DIVIDE_BY_ZERO$INT_OVERFLOW$INVALID_DISPOSITION$INVALID_HANDLE$IN_PAGE_ERROR$NONCONTINUABLE_EXCEPTION$NTDLL.DLL$PRIV_INSTRUCTION$SINGLE_STEP$STACK_OVERFLOW
                                                                              • API String ID: 2046974992-1041383458
                                                                              APIs
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453987
                                                                                • Part of subcall function 00403280: task.LIBCPMTD ref: 0040328A
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453A0C
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453A8D
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453B06
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453B7F
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453BFC
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453C7F
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453D00
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453D81
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453DFE
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453E7B
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453EF4
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453F6D
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00453FE6
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0045405F
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 004540D8
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00454151
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 004541CE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeap$task
                                                                              • String ID: 000000000000000000000000000000000000000001$3$4
                                                                              • API String ID: 757790273-3802341779
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .pdf$FirstPage$FullScreen$GoBack$GoForward$LastPage$LaunchEmbedded$LaunchFile$LaunchURL$NextPage$PrevPage$Print$SaveAs$ScrollTo$ScrollToEx$ScrollToEx$ZoomTo
                                                                              • API String ID: 0-1877514386
                                                                              APIs
                                                                              • CreatePen.GDI32(00000000,00000002,00000000), ref: 006445AE
                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 006445BD
                                                                              • CreatePen.GDI32(00000000,00000001,00A02000), ref: 006445CF
                                                                              • SelectObject.GDI32(0064582A,00000000), ref: 00644616
                                                                                • Part of subcall function 00415880: GetClientRect.USER32(?,?), ref: 00415899
                                                                              • FillRect.USER32(0064582A,00000000,?), ref: 00644643
                                                                                • Part of subcall function 00643F60: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00643F69
                                                                                • Part of subcall function 00643F60: SelectObject.GDI32(006442F1,00000000), ref: 00643FA1
                                                                                • Part of subcall function 00643F60: GetTextExtentPoint32W.GDI32(006442F1,00937DC0,00000000,?), ref: 00643FCA
                                                                                • Part of subcall function 00643F60: SelectObject.GDI32(006442F1,00000000), ref: 00643FEC
                                                                                • Part of subcall function 00643F60: GetTextExtentPoint32W.GDI32(006442F1,00937DEC,00000000), ref: 00644012
                                                                                • Part of subcall function 00643F60: GetTextExtentPoint32W.GDI32(006442F1,00937E00,00000000,?), ref: 0064403E
                                                                                • Part of subcall function 00643F60: SelectObject.GDI32(006442F1,?), ref: 00644075
                                                                                • Part of subcall function 00418270: _Smanip.LIBCPMTD ref: 00418287
                                                                              • SelectObject.GDI32(0064582A,?), ref: 00644685
                                                                              • SelectObject.GDI32(0064582A,?), ref: 00644693
                                                                              • SetTextColor.GDI32(0064582A,00000000), ref: 006446B5
                                                                              • SetBkMode.GDI32(0064582A,00000001), ref: 006446C1
                                                                              • SelectObject.GDI32(0064582A,00000000), ref: 006446D4
                                                                              • SelectObject.GDI32(0064582A,00000000), ref: 006446E7
                                                                              • SelectObject.GDI32(0064582A,?), ref: 006446F5
                                                                                • Part of subcall function 00423230: _memset.LIBCMT ref: 00423273
                                                                              • SetTextColor.GDI32(0064582A,?), ref: 0064476C
                                                                              • SelectObject.GDI32(0064582A,?), ref: 006447DD
                                                                              • SelectObject.GDI32(0064582A,?), ref: 0064481A
                                                                              • DeleteObject.GDI32(?), ref: 00644824
                                                                              • DeleteObject.GDI32(?), ref: 0064482E
                                                                              • DeleteObject.GDI32(?), ref: 00644838
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Select$Text$CreateDeleteExtentPoint32$ColorRect$ClientFillIterator_baseIterator_base::_ModeSmanip_memsetstd::_
                                                                              • String ID: *Xdv$Arial$Arial
                                                                              • API String ID: 2656707367-3638631016
                                                                              APIs
                                                                              • UnregisterHotKey.USER32(?,00000538,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E6DC
                                                                              • UnregisterHotKey.USER32(?,00000539,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E6EE
                                                                              • UnregisterHotKey.USER32(?,0000053A,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E700
                                                                              • UnregisterHotKey.USER32(?,0000053B,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E712
                                                                              • UnregisterHotKey.USER32(?,0000053C,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E724
                                                                              • UnregisterHotKey.USER32(?,0000053D,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E736
                                                                              • UnregisterHotKey.USER32(?,0000053E,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E748
                                                                              • UnregisterHotKey.USER32(?,0000053F,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E75A
                                                                              • UnregisterHotKey.USER32(?,00000540,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E76C
                                                                              • UnregisterHotKey.USER32(?,00000541,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E77E
                                                                              • UnregisterHotKey.USER32(?,00000542,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E790
                                                                              • UnregisterHotKey.USER32(?,00000543,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E7A2
                                                                              • UnregisterHotKey.USER32(?,00000544,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E7B4
                                                                              • UnregisterHotKey.USER32(?,00000545,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E7C6
                                                                              • UnregisterHotKey.USER32(?,00000546,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E7D8
                                                                              • UnregisterHotKey.USER32(?,00000547,?,?,?,?,?,?,006407D1,00000001,00000000), ref: 0063E7EA
                                                                              • SendMessageW.USER32(?,0000047C,00000000,00000000), ref: 0063E800
                                                                              • SendMessageW.USER32(?,00000548,00000000,00000000), ref: 0063E816
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Unregister$MessageSend
                                                                              • String ID:
                                                                              • API String ID: 1227368476-0
                                                                              APIs
                                                                                • Part of subcall function 0059A780: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A838
                                                                                • Part of subcall function 0042AAB0: std::bad_exception::~bad_exception.LIBCMTD ref: 0042AAEC
                                                                                • Part of subcall function 0042AAB0: std::bad_exception::~bad_exception.LIBCMTD ref: 0042AAFB
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0068743E
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00687459
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00687A85
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00687AD9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$AllocatorDebugHeapstd::bad_exception::~bad_exception
                                                                              • String ID: .djvu$DjVuFile$page
                                                                              • API String ID: 1055424468-3767126151
                                                                              APIs
                                                                              • CreateWindowExW.USER32(00000000,Static,00946830,40000000,00000000,00000000,00000000,00000000,74D28500,00000000,00400000,00000000), ref: 00666BA4
                                                                              • CreateWindowExW.USER32(00000000,Static,00946844,50000000,00000000,00000000,00000000,00000000,?,00000434,00400000,00000000), ref: 00666BE4
                                                                              • SendMessageW.USER32(?,00000030,?,00000000), ref: 00666BFC
                                                                                • Part of subcall function 00637FA0: _calloc.LIBCMT ref: 00637FB6
                                                                                • Part of subcall function 00413C20: SendMessageW.USER32(?,0000000C,00000000,?), ref: 00413C2F
                                                                              • CreateWindowExW.USER32(00000000,Static,00946864,5000010D,00000000,00000000,00000010,00000010,?,00000435,00400000,00000000), ref: 00666C4D
                                                                              • CreateWindowExW.USER32(00020000,SysTreeView32,Fav,50018A37,00000000,00000000,00000000,00000000,?,00000436,00400000,00000000), ref: 00666C8A
                                                                              • SendMessageW.USER32(?,00002005,00000001,00000000), ref: 00666CAC
                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00666CC7
                                                                              • SetWindowLongW.USER32(?,000000FC,00664E60), ref: 00666CE3
                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00666CFE
                                                                              • SetWindowLongW.USER32(?,000000FC,006669E0), ref: 00666D1A
                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00666D2F
                                                                              • SetWindowLongW.USER32(?,000000FC,0063A340), ref: 00666D45
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Long$Create$MessageSend$_calloc
                                                                              • String ID: Fav$Favorites$Static$Static$Static$SysTreeView32
                                                                              • API String ID: 3128558338-1371237138
                                                                              APIs
                                                                              • CreateWindowExW.USER32(00000000,Static,009359B8,40000000,00000000,00000000,00000000,00000000,6A04C483,00000000,00400000,00000000), ref: 00639574
                                                                              • CreateWindowExW.USER32(00000000,Static,009359CC,50000000,00000000,00000000,00000000,00000000,00000000,0000042F,00400000,00000000), ref: 006395B4
                                                                              • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 006395CC
                                                                                • Part of subcall function 00637FA0: _calloc.LIBCMT ref: 00637FB6
                                                                                • Part of subcall function 00413C20: SendMessageW.USER32(?,0000000C,00000000,?), ref: 00413C2F
                                                                              • CreateWindowExW.USER32(00000000,Static,009359EC,5000010D,00000000,00000000,00000010,00000010,?,00000430,00400000,00000000), ref: 0063961D
                                                                              • CreateWindowExW.USER32(00020000,SysTreeView32,TOC,50018A37,00000000,00000000,00000000,00000000,?,00000431,00400000,00000000), ref: 0063965A
                                                                              • SendMessageW.USER32(?,00002005,00000001,00000000), ref: 0063967C
                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00639697
                                                                              • SetWindowLongW.USER32(?,000000FC,00638A40), ref: 006396B3
                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 006396CE
                                                                              • SetWindowLongW.USER32(?,000000FC,00639400), ref: 006396EA
                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 006396FF
                                                                              • SetWindowLongW.USER32(?,000000FC,0063A340), ref: 00639715
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Long$Create$MessageSend$_calloc
                                                                              • String ID: Bookmarks$Static$Static$Static$SysTreeView32$TOC
                                                                              • API String ID: 3128558338-1825823818
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 0063E416
                                                                              • IsWindowVisible.USER32(00000000), ref: 0063E41D
                                                                              • GetParent.USER32(?), ref: 0063E45A
                                                                              • IsZoomed.USER32(00000000), ref: 0063E461
                                                                              • SetTimer.USER32(?,00000003,00000BB8,00000000), ref: 0063E4B6
                                                                              • GetParent.USER32(?), ref: 0063E530
                                                                              • GetWindowLongW.USER32(00000000), ref: 0063E537
                                                                              • GetParent.USER32(?), ref: 0063E580
                                                                              • GetParent.USER32(?), ref: 0063E5B5
                                                                              • GetParent.USER32(?), ref: 0063E5D1
                                                                              • SetMenu.USER32(00000000), ref: 0063E5D8
                                                                              • ShowWindow.USER32(?,00000000), ref: 0063E5E7
                                                                              • GetParent.USER32(?), ref: 0063E5FA
                                                                              • SetWindowLongW.USER32(00000000), ref: 0063E601
                                                                              • GetParent.USER32(?), ref: 0063E622
                                                                              • SetWindowPos.USER32(00000000), ref: 0063E629
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000001,00000004), ref: 0063E646
                                                                              • GetParent.USER32(?), ref: 0063E668
                                                                              • SetFocus.USER32(00000000), ref: 0063E66F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Parent$Window$Long$FocusMenuShowTimerVisibleZoomed
                                                                              • String ID:
                                                                              • API String ID: 1683251108-0
                                                                              • Opcode ID: c1508d48aefb84556987f89a38670cadb5962425c17d94063ab38bfbf6fcc899
                                                                              • Instruction ID: ece630549c2375cf9aa4adb645bc671814cde5de3d64b4dd37dd7daa003745f8
                                                                              • Opcode Fuzzy Hash: c1508d48aefb84556987f89a38670cadb5962425c17d94063ab38bfbf6fcc899
                                                                              • Instruction Fuzzy Hash: 0F912C74604244AFDB04CF65C898FBA7BB6EF48355F18C158F9499B392C636E941CBA0
                                                                              APIs
                                                                              • GetCursorPos.USER32(000000FF), ref: 0063BB4A
                                                                              • ScreenToClient.USER32( +d,000000FF), ref: 0063BB5C
                                                                              • SetCursor.USER32(?,006B4815,?), ref: 0063BBA7
                                                                              • SetCursor.USER32(?,?,?,?,?,?,7F608707), ref: 0063BC19
                                                                              • SetCursor.USER32(?,?,?,?,?,?,7F608707), ref: 0063BC30
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Cursor$ClientScreen
                                                                              • String ID: +d$ +d
                                                                              • API String ID: 2747520593-2025514043
                                                                              • Opcode ID: 1f21b1afa49b812d71c08d9c936edb669757b15cb7e9dd0fd2dd97ec4f977ce4
                                                                              • Instruction ID: d2b6518b38ecb956d4a882e92d205bccb3b537cf0cb3a2fcd6a2aa503517271f
                                                                              • Opcode Fuzzy Hash: 1f21b1afa49b812d71c08d9c936edb669757b15cb7e9dd0fd2dd97ec4f977ce4
                                                                              • Instruction Fuzzy Hash: 83A12C74A14204EFCB14DFA9D894EEEB7B6EF48300F149159F6169B391DB34AD81CBA0
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: 7,c$BM44$BM44$FORM:BM44$FORM:DJVU$FORM:PM44$INFO$INFO$PM44$PM44$d
                                                                              • API String ID: 2102423945-2506092995
                                                                              • Opcode ID: 25709f0e37e52deba9bb3c545d8966f6482c9c30096b89f47e2b927576dc41e0
                                                                              • Instruction ID: d8168ed2a65c71612649f90ddfab4e6c4e6fe1c43d68701167bca16ed16fae97
                                                                              • Opcode Fuzzy Hash: 25709f0e37e52deba9bb3c545d8966f6482c9c30096b89f47e2b927576dc41e0
                                                                              • Instruction Fuzzy Hash: EAF1B370D00259DBCF18EBA5D855BEEBBB1AF54304F54406EE406BB2D2EF785A08CB51
                                                                              APIs
                                                                              • std::locale::_Locimp::_Addfac.LIBCPMTD ref: 0059898E
                                                                              • std::locale::_Locimp::_Addfac.LIBCPMTD ref: 005989BD
                                                                              • _strlen.LIBCMT ref: 00598A43
                                                                              • _strlen.LIBCMT ref: 00598A73
                                                                              • Concurrency::details::_NonReentrantPPLLock::_Acquire.LIBCMTD ref: 00598A82
                                                                              • _strlen.LIBCMT ref: 00598BB3
                                                                              • _strlen.LIBCMT ref: 00598B2C
                                                                                • Part of subcall function 00436ED0: std::locale::_Locimp::_Addfac.LIBCPMTD ref: 00436EDC
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _strlen$AddfacLocimp::_std::locale::_$AcquireConcurrency::details::_Lock::_Reentrant
                                                                              • String ID: /..$/../$/./$////$file:$file:////$file://localhost/
                                                                              • API String ID: 680025503-1905803392
                                                                              • Opcode ID: 894ab4f5cb81d09cbd9b46cd52879d29b25f7d7bcbec973b7622d50b8ae9043c
                                                                              • Instruction ID: 648f87944aab1cf2b90305e72b915db9e93e8560dcfcda5f6002b4d1eeaa3b6a
                                                                              • Opcode Fuzzy Hash: 894ab4f5cb81d09cbd9b46cd52879d29b25f7d7bcbec973b7622d50b8ae9043c
                                                                              • Instruction Fuzzy Hash: B0E17EB1D042099BCF04DFA4D892AFEBFB5BF55304F18411DE505BB282DB39AA45CBA1
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Crashed thread:$Registers:$CS:EIP:%04X:%08X$DEP violation at address $DS:%04X ES:%04X FS:%04X GS:%04X$EAX:%08X EBX:%08X ECX:%08XEDX:%08X ESI:%08X EDI:%08X$Exception: %08X %s$Fault reading address $Fault writing address $Faulting IP: $Flags:%08X$SS:ESP:%04X:%08X EBP:%08X$unknown readWriteFlag: %d
                                                                              • API String ID: 0-3049342579
                                                                              • Opcode ID: 32ff7c53869c53acd9321d72b7b8cd45684dcfa8580e125c30923cdcb9bd3d60
                                                                              • Instruction ID: 9324dbaa512c8fcb99a33259c3be8ddcea901659d081b42900dd81483ad24bef
                                                                              • Opcode Fuzzy Hash: 32ff7c53869c53acd9321d72b7b8cd45684dcfa8580e125c30923cdcb9bd3d60
                                                                              • Instruction Fuzzy Hash: 6C711FB5A00108EFDB04EF98D981DEE77B5FF48314F148268F919AB352D634AE81CB95
                                                                              APIs
                                                                              • InternetOpenW.WININET(BaseHTTP,00000000,00000000,00000000,00000000), ref: 00693842
                                                                              • InternetConnectW.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0069386A
                                                                              • InternetCloseHandle.WININET(00000000), ref: 006939FD
                                                                              • InternetCloseHandle.WININET(00000000), ref: 00693A07
                                                                              • InternetCloseHandle.WININET(00000000), ref: 00693A11
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Internet$CloseHandle$ConnectOpen
                                                                              • String ID: /,k$BaseHTTP$POST
                                                                              • API String ID: 4179804448-4057070889
                                                                              • Opcode ID: f91daf00cf4f515e7722f0d269ea3b805a9c2cbcc758bcd41a375023cef322d0
                                                                              • Instruction ID: 748643ae4a5c739bd60b63cd636bb81c3772ee3a2f8d48fd1530bfd2e524c111
                                                                              • Opcode Fuzzy Hash: f91daf00cf4f515e7722f0d269ea3b805a9c2cbcc758bcd41a375023cef322d0
                                                                              • Instruction Fuzzy Hash: 68713B71E403489BEB10DFE4DC59BEEBBBAAB08704F104519E615AB2C0D7B45A44CB64
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcscpy$_strlen_wcscat_wcslen
                                                                              • String ID: .rar$.rar$exe$exe$rar$rar$sfx$sfx
                                                                              • API String ID: 152253507-2942956649
                                                                              • Opcode ID: c2a4e78bf4ee27a464b0bdcf1c8ec8de30dc10fe82ace7d5e858ecfbd6d93dc4
                                                                              • Instruction ID: f430092162598f8aa517c5aa5d7b50c0d2205d4f3fa05340daa39abdf0dec0c5
                                                                              • Opcode Fuzzy Hash: c2a4e78bf4ee27a464b0bdcf1c8ec8de30dc10fe82ace7d5e858ecfbd6d93dc4
                                                                              • Instruction Fuzzy Hash: F7C19DB4D04149EBCF04EBA4C4929BEBBB1FF45305F548499EC55AB342EA34EE40DB51
                                                                              APIs
                                                                              • _Smanip.LIBCPMTD ref: 0063EAAC
                                                                              • GetCursor.USER32(?,00000000,-0000028C), ref: 0063EABF
                                                                              • SetCursor.USER32(?), ref: 0063EADC
                                                                              • SetTimer.USER32(?,00000003,00000BB8,00000000), ref: 0063EB07
                                                                              • GetSystemMetrics.USER32(00000044), ref: 0063EB38
                                                                              • GetSystemMetrics.USER32(00000045), ref: 0063EB5B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CursorMetricsSystem$SmanipTimer
                                                                              • String ID: Z)d
                                                                              • API String ID: 3107522989-2431863006
                                                                              • Opcode ID: 4fe2c4995c76489b42c4b6d50b6d8d390735bef98dcc8a3a94cf29a6828f6a8a
                                                                              • Instruction ID: 729f20365ef2114ceba3ebb3696e8a4962c6be40de071734f70161b2ac6bc5a7
                                                                              • Opcode Fuzzy Hash: 4fe2c4995c76489b42c4b6d50b6d8d390735bef98dcc8a3a94cf29a6828f6a8a
                                                                              • Instruction Fuzzy Hash: 35813175600209EFCB04DF58C899EEE77B6BF48344F148169F90A9B395DB31E941CBA0
                                                                              APIs
                                                                              • SetFocus.USER32(?), ref: 00641A71
                                                                              • SendMessageW.USER32(?,00000111,00000190,00000000), ref: 00641ADD
                                                                              • GetSystemMetrics.USER32(00000044), ref: 00641C12
                                                                              • GetSystemMetrics.USER32(00000045), ref: 00641C35
                                                                              • _Smanip.LIBCPMTD ref: 00641CB2
                                                                              • SetCursor.USER32(?,00000000), ref: 00641D5C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MetricsSystem$CursorFocusMessageSendSmanip
                                                                              • String ID: <File,Open>$<View,HideList>$<View,ShowList>$http:$https:$mailto:
                                                                              • API String ID: 2650576747-3521807905
                                                                              • Opcode ID: e4314e3a51782623d6399bdb5815c78368f8f2ce325383002efa4bb774f3f35a
                                                                              • Instruction ID: b31f385a298e3a1d3032e3c5c6465433f5edeaf08be6f15ce66074707d6e50cf
                                                                              • Opcode Fuzzy Hash: e4314e3a51782623d6399bdb5815c78368f8f2ce325383002efa4bb774f3f35a
                                                                              • Instruction Fuzzy Hash: E7C15EB4A00205ABDB08DF54C895FFA7BB6AF85344F14816CF9495F382DB35E982CB94
                                                                              APIs
                                                                                • Part of subcall function 0041B350: _localeconv.LIBCMT ref: 0041B357
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00421336
                                                                                • Part of subcall function 004214B0: _strlen.LIBCMT ref: 004214BA
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00421360
                                                                              • _Maklocstr.LIBCPMTD ref: 00421371
                                                                                • Part of subcall function 0041B740: _strlen.LIBCMT ref: 0041B751
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0042138C
                                                                              • _Maklocstr.LIBCPMTD ref: 0042139D
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 004213DF
                                                                              • _Maklocchr.LIBCPMTD ref: 004213F0
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00421406
                                                                              • _Maklocchr.LIBCPMTD ref: 00421418
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00421436
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00421458
                                                                              • _Maklocchr.LIBCPMTD ref: 00421462
                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00421478
                                                                              • _Maklocchr.LIBCPMTD ref: 00421482
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: GetcvtLocinfo::_std::_$Maklocchr$Maklocstr_strlen$_localeconv
                                                                              • String ID:
                                                                              • API String ID: 3638708674-0
                                                                              • Opcode ID: 142c4f7e5b73be13c18c2d7579fc4e477cde2a27372d6a2286e18ac9b6aacb69
                                                                              • Instruction ID: 516e1250dd0f8628b7e933ab85afe42251a00f502e4ce301fe08a8631f9ec1d4
                                                                              • Opcode Fuzzy Hash: 142c4f7e5b73be13c18c2d7579fc4e477cde2a27372d6a2286e18ac9b6aacb69
                                                                              • Instruction Fuzzy Hash: 87514CB4A0024CAFC704DF95C851FAEBBB5EF88714F10815EE819AB391DB35AA45CB94
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 006205E3
                                                                              • OpenThread.KERNEL32(0000004A,00000000,00620825), ref: 00620619
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Thread$CurrentOpen
                                                                              • String ID: Thread: %x$Failed to GetThreadContext()$Failed to OpenThread()$Failed to SuspendThread()$J
                                                                              • API String ID: 762743756-1987366688
                                                                              • Opcode ID: b343ecf3efc5fa328aa759d2789ddd6904526a62f90a8e20ef6b72901170e044
                                                                              • Instruction ID: 7b1f0ed1aaa7edd811eccd8773c61404a0386ff0022b585474411dd96c6b0f35
                                                                              • Opcode Fuzzy Hash: b343ecf3efc5fa328aa759d2789ddd6904526a62f90a8e20ef6b72901170e044
                                                                              • Instruction Fuzzy Hash: 7D3161B4900218EBDF04EFA0DC49EEE7775AB84324F108659F529A72D2DB789A80CF55
                                                                              APIs
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A344
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A177
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              • std::locale::_Locimp::_Addfac.LIBCPMTD ref: 0059A1DD
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A4E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$AddfacException@8Locimp::_Throw_abort_strlenstd::locale::_
                                                                              • String ID: .\ext\libdjvu\GURL.cpp$.\ext\libdjvu\GURL.cpp$.\ext\libdjvu\GURL.cpp$file$file://localhost/
                                                                              • API String ID: 1421388000-2420783998
                                                                              • Opcode ID: f4a84d0482b097496ea2b8ac177106a0e17092f4a7bffd509956d36c87ba3c68
                                                                              • Instruction ID: 264ff7c1684d1e99bce70d0de1d85df241953be4d6366e4cb7bc73f72fff6f6a
                                                                              • Opcode Fuzzy Hash: f4a84d0482b097496ea2b8ac177106a0e17092f4a7bffd509956d36c87ba3c68
                                                                              • Instruction Fuzzy Hash: 40D18D70900258DBDF14EBA4CC55BEDBB75BF94308F14809DE109B7292DB742E88CBA2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $.bmp$.gif$.jpg$.png$.tif$GIF87a$GIF89a$II*
                                                                              • API String ID: 0-3306191184
                                                                              • Opcode ID: 6dc3eb13527748a2239164700881f3d7ecabcdab1161bceb93f17ee1754aee08
                                                                              • Instruction ID: 9348ccce04772f24633f85be5817d5741f650bcc75094c4ed1f4730dfc715fff
                                                                              • Opcode Fuzzy Hash: 6dc3eb13527748a2239164700881f3d7ecabcdab1161bceb93f17ee1754aee08
                                                                              • Instruction Fuzzy Hash: 893139B0E002269AEB24DBA5AC01ABE7379FB15304F44453EF915E6741FA3DC70C8B61
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0064F4F1
                                                                              • SystemParametersInfoW.USER32(00000029,000001F8,000001F8,00000000), ref: 0064F513
                                                                              • CreateFontIndirectW.GDI32(?), ref: 0064F51D
                                                                              • GetDC.USER32(?), ref: 0064F530
                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 0064F547
                                                                              • MulDiv.KERNEL32(000000BC,00000000), ref: 0064F553
                                                                              • ReleaseDC.USER32(?,?), ref: 0064F56D
                                                                              • CreateWindowExW.USER32(00000008,SUMATRA_PDF_NOTIFICATION_WINDOW,?,40000001,00000008,00000008,00000000,00000000,?,00000000,00400000,00000000), ref: 0064F59A
                                                                              • SetWindowLongW.USER32(?,000000EB,?), ref: 0064F5BC
                                                                                • Part of subcall function 0060AB10: GetWindowLongW.USER32(?,0064F5E1), ref: 0060AB1C
                                                                                • Part of subcall function 0060AB10: SetWindowLongW.USER32(?,0064F5E1,000000EC), ref: 0060AB4F
                                                                                • Part of subcall function 0064F1E0: GetDC.USER32(?), ref: 0064F217
                                                                                • Part of subcall function 0064F1E0: SelectObject.GDI32(?,?), ref: 0064F22E
                                                                                • Part of subcall function 0064F1E0: DrawTextW.USER32(?,?,000000FF,?,00000C20), ref: 0064F24A
                                                                                • Part of subcall function 0064F1E0: SelectObject.GDI32(?,?), ref: 0064F258
                                                                                • Part of subcall function 0064F1E0: ReleaseDC.USER32(?,?), ref: 0064F26C
                                                                                • Part of subcall function 0064F1E0: SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006,00000006,00000006), ref: 0064F2F1
                                                                                • Part of subcall function 0064F1E0: GetParent.USER32(?), ref: 0064F3F0
                                                                              • ShowWindow.USER32(?,00000005,?,00000001), ref: 0064F601
                                                                              Strings
                                                                              • SUMATRA_PDF_NOTIFICATION_WINDOW, xrefs: 0064F593
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$Long$CreateObjectReleaseSelect$CapsDeviceDrawFontIndirectInfoParametersParentShowSystemText_memset
                                                                              • String ID: SUMATRA_PDF_NOTIFICATION_WINDOW
                                                                              • API String ID: 1603948226-3195588293
                                                                              • Opcode ID: ccd9dde3774d8e2bd0cb5421be42f01ea9f86decb06e5a316cd6795a8ac35ebe
                                                                              • Instruction ID: c10fb7b58cc1a00a2180ae8ed5dab7fbc58a975d5c83042011c58ef3926610c6
                                                                              • Opcode Fuzzy Hash: ccd9dde3774d8e2bd0cb5421be42f01ea9f86decb06e5a316cd6795a8ac35ebe
                                                                              • Instruction Fuzzy Hash: A0416575A40318AFD754DF54CC4DFAA77B5EB88700F008298F6599B2D2DB71A944CF60
                                                                              APIs
                                                                              • ____lc_handle_func.LIBCMT ref: 004B88A2
                                                                              • ____lc_codepage_func.LIBCMT ref: 004B88AA
                                                                              • __GetLocaleForCP.LIBCPMT ref: 004B88D3
                                                                              • ____mb_cur_max_l_func.LIBCMT ref: 004B88E9
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000009,?,00000002,00000000,00000000,?,?,?,?,0041B72A,?), ref: 004B8908
                                                                              • ____mb_cur_max_l_func.LIBCMT ref: 004B8916
                                                                              • ___pctype_func.LIBCMT ref: 004B893B
                                                                              • ____mb_cur_max_l_func.LIBCMT ref: 004B8961
                                                                              • ____mb_cur_max_l_func.LIBCMT ref: 004B8979
                                                                              • ____mb_cur_max_l_func.LIBCMT ref: 004B8991
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000009,00000001,00000000,00000000,00000000,?,?,?,?,0041B72A,?), ref: 004B899E
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000009,00000001,00000001,00000000,00000000,?,?,?,?,0041B72A,?), ref: 004B89CF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ____mb_cur_max_l_func$ByteCharMultiWide$Locale____lc_codepage_func____lc_handle_func___pctype_func
                                                                              • String ID:
                                                                              APIs
                                                                              • KillTimer.USER32(00000064,00000001), ref: 00640EF3
                                                                              • KillTimer.USER32(?,00000003,?,?), ref: 00640FAE
                                                                              • SetCursor.USER32(00000000), ref: 00640FC2
                                                                              • SetTimer.USER32(?,00000004,00000064,00000000), ref: 00640FF8
                                                                              • KillTimer.USER32(?,00000005), ref: 0064104D
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Timer$Kill$Cursor
                                                                              • String ID: d
                                                                              APIs
                                                                              • __aulldiv.LIBCMT ref: 00606086
                                                                              • __aullrem.LIBCMT ref: 006060AA
                                                                              • EnterCriticalSection.KERNEL32(-0000001C,?,00000000,?,?,?,00000000,?,?), ref: 00606110
                                                                              • EnterCriticalSection.KERNEL32(-00000034), ref: 00606121
                                                                              • __aullrem.LIBCMT ref: 0060613F
                                                                              • __aullrem.LIBCMT ref: 00606197
                                                                              • __aullrem.LIBCMT ref: 006061CE
                                                                              • EnterCriticalSection.KERNEL32(-00000034,?,?,00000000), ref: 00606201
                                                                              • EnterCriticalSection.KERNEL32(-0000001C), ref: 00606212
                                                                              • EnterCriticalSection.KERNEL32(-00000034,00000000,?,00000008,00000000,?,?,?,00000000), ref: 0060622E
                                                                              • EnterCriticalSection.KERNEL32(-0000001C,?,?,?,?,?,?,00000000), ref: 006062D8
                                                                              Similarity
                                                                              • API ID: CriticalEnterSection$__aullrem$__aulldiv
                                                                              • String ID:
                                                                              APIs
                                                                                • Part of subcall function 00415880: GetClientRect.USER32(?,?), ref: 00415899
                                                                              • GetDC.USER32(?), ref: 0064F217
                                                                              • SelectObject.GDI32(?,?), ref: 0064F22E
                                                                              • DrawTextW.USER32(?,?,000000FF,?,00000C20), ref: 0064F24A
                                                                              • SelectObject.GDI32(?,?), ref: 0064F258
                                                                              • ReleaseDC.USER32(?,?), ref: 0064F26C
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006,00000006,00000006), ref: 0064F2F1
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006,00000006,00000006), ref: 0064F3D0
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006,00000006,00000006), ref: 0064F38B
                                                                                • Part of subcall function 00413BC0: GetWindowRect.USER32(?,?), ref: 00413BD9
                                                                              • GetParent.USER32(?), ref: 0064F3F0
                                                                              • GetSystemMetrics.USER32(00000002), ref: 0064F47F
                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005), ref: 0064F4A4
                                                                              Similarity
                                                                              • API ID: Window$ObjectRectSelect$ClientDrawMetricsParentReleaseSystemText
                                                                              • String ID:
                                                                              APIs
                                                                                • Part of subcall function 00426150: _memset.LIBCMT ref: 00426193
                                                                              • InvalidateRect.USER32(000000F6,00000000,00000000,7F608707), ref: 0069A5C3
                                                                              • _Smanip.LIBCPMTD ref: 0069A60D
                                                                              • _Smanip.LIBCPMTD ref: 0069A6A3
                                                                              Strings
                                                                              • Cannot start inverse search command. Please check the command line in the settings., xrefs: 0069A839
                                                                              • No synchronization info at this position, xrefs: 0069A760
                                                                              • Synchronization file cannot be opened, xrefs: 0069A670
                                                                              • No synchronization file found, xrefs: 0069A643
                                                                              • Cannot start inverse search command. Please check the command line in the settings., xrefs: 0069A872
                                                                              Similarity
                                                                              • API ID: Smanip$InvalidateRect_memset
                                                                              • String ID: Cannot start inverse search command. Please check the command line in the settings.$Cannot start inverse search command. Please check the command line in the settings.$No synchronization file found$No synchronization info at this position$Synchronization file cannot be opened
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 005BCF7D
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              • _memset.LIBCMT ref: 005BD0FB
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset$Exception@8Throw_abort_strlen
                                                                              • String ID: &$.\ext\libdjvu\IFFByteStream.cpp$.\ext\libdjvu\IFFByteStream.cpp$.\ext\libdjvu\IFFByteStream.cpp$A$T$T
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _strlen_wcslen$_sprintf_swprintf
                                                                              • String ID: %.*s(%d)%s$%.*s(%d)%s
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: type_info::operator!=$_strncmp
                                                                              • String ID: 8l$8l$8l$8l$ThisPointer:$ValueNames
                                                                              • API String ID: 1550957719-1471056921
                                                                              • Opcode ID: dc9a8d46e7d53aa8413828013f32504f1c6a01817ff7b42151125433db98420b
                                                                              • Instruction ID: 71ca769f42779562b215f7fa209d9cf4a649bb16897470a392fb1259779c0e44
                                                                              • Opcode Fuzzy Hash: dc9a8d46e7d53aa8413828013f32504f1c6a01817ff7b42151125433db98420b
                                                                              • Instruction Fuzzy Hash: AE4128702443415BD7259F368851B27BBE69FA1718F08892EF8D64B383D77AE90CC366
                                                                              APIs
                                                                              • UnDecorator::UScore.LIBCMT ref: 004AE7CD
                                                                              • DName::DName.LIBCMT ref: 004AE7D9
                                                                                • Part of subcall function 004AC7C3: DName::doPchar.LIBCMT ref: 004AC7F0
                                                                              • DName::DName.LIBCMT ref: 004AE806
                                                                                • Part of subcall function 004AC488: DNameStatusNode::make.LIBCMT ref: 004AC4B6
                                                                              • UnDecorator::getScopedName.LIBCMT ref: 004AE814
                                                                              • DName::operator+=.LIBCMT ref: 004AE81E
                                                                              • DName::operator+=.LIBCMT ref: 004AE82D
                                                                              • DName::operator+=.LIBCMT ref: 004AE839
                                                                              • DName::operator+=.LIBCMT ref: 004AE846
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: NameName::operator+=$Name::$Decorator::Decorator::getName::doNode::makePcharScopedScoreStatus
                                                                              • String ID: void
                                                                              • API String ID: 2229739886-3531332078
                                                                              • Opcode ID: 3dce3703e95dc824a06fe4d60ab743f8c06f0a86225f3e0c37efae4fd6825be0
                                                                              • Instruction ID: fd0cc4de36c8fb4f5e136c0dabde23d048eec290062e7cf389a48af11b18cdcb
                                                                              • Opcode Fuzzy Hash: 3dce3703e95dc824a06fe4d60ab743f8c06f0a86225f3e0c37efae4fd6825be0
                                                                              • Instruction Fuzzy Hash: 52110874904209ABDB08FBA5C896EED7B749B33708F44005FF4129B2D2DB78AE41CB59
                                                                              APIs
                                                                              • SendMessageW.USER32(?,000000F6,00000000,00642B9D), ref: 0063ED7B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: ad689d582fbef41ec1a94bcc1ea4990d2a32ed0be37fa37f2b4c13f1de23edcc
                                                                              • Instruction ID: 080fe276de5d610a088fca9a1b5ae326e06d53eaf02932b73795a5da3e551331
                                                                              • Opcode Fuzzy Hash: ad689d582fbef41ec1a94bcc1ea4990d2a32ed0be37fa37f2b4c13f1de23edcc
                                                                              • Instruction Fuzzy Hash: CEA17F74600209EFDB08CF54C895BFA77B2BF48304F148569F9499B381D735E982DBA4
                                                                              APIs
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0063B7E4
                                                                              • CreatePen.GDI32(00000000,00000001,00FFFF00), ref: 0063B801
                                                                              • SelectObject.GDI32(?,?), ref: 0063B812
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateIterator_baseIterator_base::_ObjectSelectstd::_
                                                                              • String ID:
                                                                              • API String ID: 1122999871-0
                                                                              • Opcode ID: b827456b76d36e91ab135422d05a931278a5d09a580ded1af2664b7dd1ed6fdf
                                                                              • Instruction ID: 664babe59be9443aa943d5ce911a55e305afb01ad4ad01c598aae0cbed4f24e1
                                                                              • Opcode Fuzzy Hash: b827456b76d36e91ab135422d05a931278a5d09a580ded1af2664b7dd1ed6fdf
                                                                              • Instruction Fuzzy Hash: 84A1FB75A00208DFCB04DFA5D895FEEBBB6FF49300F149159E609AB291DB34A981CF94
                                                                              APIs
                                                                              • CreateCompatibleDC.GDI32(0069A525), ref: 0063AECC
                                                                              • CreateCompatibleBitmap.GDI32(0069A525,00000000,00000233), ref: 0063AEE7
                                                                              • SelectObject.GDI32(?,?), ref: 0063AEF8
                                                                              • FillRect.USER32(?,00000000,?), ref: 0063AF4F
                                                                              • CreateSolidBrush.GDI32(?), ref: 0063AF6D
                                                                              • FillRect.USER32(?,00000000,?), ref: 0063AF8B
                                                                              • DeleteObject.GDI32(?), ref: 0063AF95
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Create$CompatibleFillObjectRect$BitmapBrushDeleteSelectSolid
                                                                              • String ID:
                                                                              • API String ID: 1676783917-0
                                                                              • Opcode ID: bd88a048e66c7aa0729c1c2038b1893fa2bbc83fac2e8e48ac0afcf8a02cde28
                                                                              • Instruction ID: 26643eb3cb06dfa5d7938f6ae4afdba33ff716ff3edeeec917909e185cd301ec
                                                                              • Opcode Fuzzy Hash: bd88a048e66c7aa0729c1c2038b1893fa2bbc83fac2e8e48ac0afcf8a02cde28
                                                                              • Instruction Fuzzy Hash: F95196B5A00109AFCB04DF98D895DEEB7B9AF8C314F14C249F91997351DA35E942CBA0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Parent$Window$CursorKillLongMenuShowTimer
                                                                              • String ID:
                                                                              • API String ID: 3274357798-0
                                                                              • Opcode ID: 683eaf5b41f80f98080e60c2d575abaa00e8b9f1bb0a8763dc33f42743791b35
                                                                              • Instruction ID: 4b5378a3a3a38677d89192bd18d5b74dba7932df5fb4378bdc17218e5f216aff
                                                                              • Opcode Fuzzy Hash: 683eaf5b41f80f98080e60c2d575abaa00e8b9f1bb0a8763dc33f42743791b35
                                                                              • Instruction Fuzzy Hash: 41513174614244AFDB04DF64C898FBA7BB6AF85315F18C19CF9494B392C636DA41CBA0
                                                                              APIs
                                                                              • __calloc_crt.LIBCMT ref: 00495951
                                                                                • Part of subcall function 004A0E46: __calloc_impl.LIBCMT ref: 004A0E57
                                                                                • Part of subcall function 004A0E46: Sleep.KERNEL32(00000000,00000000,00497F10,0048FF95), ref: 004A0E6E
                                                                              • __calloc_crt.LIBCMT ref: 00495975
                                                                              • __calloc_crt.LIBCMT ref: 00495991
                                                                              • __copytlocinfo_nolock.LIBCMT ref: 004959B6
                                                                              • __setlocale_nolock.LIBCMT ref: 004959C3
                                                                              • ___removelocaleref.LIBCMT ref: 004959CF
                                                                              • ___freetlocinfo.LIBCMT ref: 004959D6
                                                                              • __setmbcp_nolock.LIBCMT ref: 004959EE
                                                                              • ___removelocaleref.LIBCMT ref: 00495A03
                                                                              • ___freetlocinfo.LIBCMT ref: 00495A0A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                              • String ID:
                                                                              • API String ID: 2969281212-0
                                                                              • Opcode ID: 25fb7fe31f471d4a68549687aa071c8ec8bb4315e3699ec25d438aae61a2d68f
                                                                              • Instruction ID: 622a45363431b0504016defb99390b4af14a7ab97bb29433ecf784c93d763ffa
                                                                              • Opcode Fuzzy Hash: 25fb7fe31f471d4a68549687aa071c8ec8bb4315e3699ec25d438aae61a2d68f
                                                                              • Instruction Fuzzy Hash: 7921EF35105A00EFEF237F26E802D1BBFE5DF82764B30483FF58566251EA2A98418B5D
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: .\ext\libdjvu\ddjvuapi.cpp$.\ext\libdjvu\ddjvuapi.cpp$.\ext\libdjvu\ddjvuapi.cpp$Illegal file number$Illegal file number$Illegal file number$P
                                                                              • API String ID: 2102423945-4225337367
                                                                              • Opcode ID: f007d78b690b1e832dfaf7afd44cd079ba6ad8268d2a608e178630cca9ee3858
                                                                              • Instruction ID: a10eaac6ae32d78975ad1039335a4f61be832f7a23025c92c0c5b540b223ab21
                                                                              • Opcode Fuzzy Hash: f007d78b690b1e832dfaf7afd44cd079ba6ad8268d2a608e178630cca9ee3858
                                                                              • Instruction Fuzzy Hash: D4028D70D00259DBCF18EFA5D855BEEBBB5AF14308F5040ADE406A7282EB785E48CF95
                                                                              APIs
                                                                                • Part of subcall function 0060AFC0: _memset.LIBCMT ref: 0060AFDF
                                                                                • Part of subcall function 0060AFC0: GetDeviceCaps.GDI32(?,0000005A), ref: 0060AFF6
                                                                                • Part of subcall function 0060AFC0: MulDiv.KERNEL32(?,00000000), ref: 0060B001
                                                                                • Part of subcall function 0060AFC0: CreateFontIndirectW.GDI32(00000000), ref: 0060B057
                                                                              • SelectObject.GDI32(00000076,?), ref: 006442BA
                                                                              • SelectObject.GDI32(00000076,?), ref: 006442FC
                                                                              • GetTextExtentPoint32W.GDI32(00000076,00000000,00000000,?), ref: 00644347
                                                                              • SelectObject.GDI32(00000076,?), ref: 0064438F
                                                                              • GetTextExtentPoint32W.GDI32(00000076,00937D2C,00000000,?), ref: 006443DC
                                                                              • SelectObject.GDI32(00000076,?), ref: 00644552
                                                                                • Part of subcall function 00418A90: DeleteObject.GDI32(?), ref: 00418A97
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Select$ExtentPoint32Text$CapsCreateDeleteDeviceFontIndirect_memset
                                                                              • String ID: Arial$Arial
                                                                              • API String ID: 4285428343-1763068633
                                                                              • Opcode ID: 89f05ad365480c5e3f1f7d4c735373734d580273d3ed3c206343bc1a52ada1ab
                                                                              • Instruction ID: 960fd73d1fa83592351bf2ff943efb5c23b4683356786da8f751b9e880d3f136
                                                                              • Opcode Fuzzy Hash: 89f05ad365480c5e3f1f7d4c735373734d580273d3ed3c206343bc1a52ada1ab
                                                                              • Instruction Fuzzy Hash: 69B1A4B4E00209DFCB04CFD9D985A9EBBB6FF88304F148159E819AB355DB30A946CF94
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0061FAAA
                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,0089FF3C), ref: 0061FAED
                                                                              • _memset.LIBCMT ref: 0061FB24
                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,?,00000018), ref: 0061FC1A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentProcess_memset
                                                                              • String ID: %02X:$ %s$ %s+%d$!%s+0x%x
                                                                              • API String ID: 2861412193-2301323899
                                                                              • Opcode ID: 136fe22f02b3c2fa94cf650d87ff87b17d3427ffc1ad1a07907a74c33bc995a3
                                                                              • Instruction ID: 23b19976f74964db78a8224d6772ccd6c6ad1ac310f38fe6279206f2053fa3e5
                                                                              • Opcode Fuzzy Hash: 136fe22f02b3c2fa94cf650d87ff87b17d3427ffc1ad1a07907a74c33bc995a3
                                                                              • Instruction Fuzzy Hash: 0E5152B5A00218ABDB18DF94DC85FEF77B9BB48304F04859CF51997242DB749B84CB90
                                                                              APIs
                                                                              • GetStockObject.GDI32(00000011), ref: 00484143
                                                                              • GetStockObject.GDI32(0000000D), ref: 0048414B
                                                                              • GetObjectW.GDI32(00000000,0000005C,?), ref: 00484158
                                                                              • GetDC.USER32(00000000), ref: 00484167
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0048417B
                                                                              • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 00484187
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00484193
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Stock$CapsDeviceRelease
                                                                              • String ID: System
                                                                              • API String ID: 46613423-3470857405
                                                                              • Opcode ID: 69c7763699f6bfdc997b33a676395510c87d691d8a942d3c23462aa66b657888
                                                                              • Instruction ID: 496a469470cb615ca24d5a0800815aef9767e3a18aff15dbf1cb94ab6f9cfef6
                                                                              • Opcode Fuzzy Hash: 69c7763699f6bfdc997b33a676395510c87d691d8a942d3c23462aa66b657888
                                                                              • Instruction Fuzzy Hash: A2116D71A10319ABEB10ABA1DC4DFBF7BA9EB95745F00002AFA059B280DB749D44CB74
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,80000080,00000000), ref: 0061F0E1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID: P[b$SUMATRAPDF_FULLDUMP$pa
                                                                              • API String ID: 823142352-3728847384
                                                                              • Opcode ID: 62b52150839f175781a42666705b57d306f6c03f5a8001172fb22237b530a8e9
                                                                              • Instruction ID: fed8511529661a5a4af005d4a2ad2554a2b922b4167616e19b943d638663bb4b
                                                                              • Opcode Fuzzy Hash: 62b52150839f175781a42666705b57d306f6c03f5a8001172fb22237b530a8e9
                                                                              • Instruction Fuzzy Hash: 5111FA70A40308FBEB209FA0DC4EFAE7BB9FB04705F204559E615A62D1CBB4A9419B64
                                                                              APIs
                                                                              • __EH_prolog3_catch.LIBCMT ref: 00480E56
                                                                              • EnterCriticalSection.KERNEL32(00000000,00000010,004810F7,?,00000000,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18,00412C18), ref: 00480E67
                                                                              • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18,00412C18,00000000), ref: 00480E85
                                                                              • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00480EB9
                                                                              • LeaveCriticalSection.KERNEL32(0040DD6C,?,?,00000000,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00480F25
                                                                              • _memset.LIBCMT ref: 00480F44
                                                                              • TlsSetValue.KERNEL32(?,00000000,?,00412BB2), ref: 00480F55
                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18,00412C18,00000000), ref: 00480F76
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                              • String ID:
                                                                              • API String ID: 1891723912-0
                                                                              • Opcode ID: 54737b35d7a3bfa441a3b06ad15b9bc1dd2c87a62ad41bcf9d0b0f5cf1db404c
                                                                              • Instruction ID: b8f7273a48ecf1564530fdfcd275156738b80f48eec6be5efb3943297bead42d
                                                                              • Opcode Fuzzy Hash: 54737b35d7a3bfa441a3b06ad15b9bc1dd2c87a62ad41bcf9d0b0f5cf1db404c
                                                                              • Instruction Fuzzy Hash: 9B31B070410605EFCB24AF10C885CAEBBB1EF04310B10CA2FEA5697660C778AD95CF99
                                                                              APIs
                                                                                • Part of subcall function 0067ED90: _DebugHeapAllocator.LIBCPMTD ref: 0067EE09
                                                                                • Part of subcall function 0067ED90: _DebugHeapAllocator.LIBCPMTD ref: 0067EE19
                                                                                • Part of subcall function 0067ED90: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0067EE3A
                                                                              • Mailbox.LIBCMTD ref: 0067F353
                                                                              • Mailbox.LIBCMTD ref: 0067F391
                                                                                • Part of subcall function 0067F290: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0067F53B
                                                                                • Part of subcall function 005AE270: _DebugHeapAllocator.LIBCPMTD ref: 005AE2C6
                                                                                • Part of subcall function 005AE270: _DebugHeapAllocator.LIBCPMTD ref: 005AE2FC
                                                                                • Part of subcall function 005BDE10: _DebugHeapAllocator.LIBCPMTD ref: 005BDE74
                                                                                • Part of subcall function 0042A4C0: std::locale::_Locimp::_Addfac.LIBCPMTD ref: 0042A4D0
                                                                              • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 0067F634
                                                                              • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 0067F717
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_sourceConcurrency::task_options::get_schedulerMailbox$AddfacLocimp::_std::locale::_
                                                                              • String ID: ANTz$FORM:ANNO
                                                                              • API String ID: 3772884909-1329426474
                                                                              • Opcode ID: db06d0e6f07debb19823de67407b1a598d25e632f1124a0f18002f338a14c8de
                                                                              • Instruction ID: f61cbe04a33c2ad41bd962e6e5f72ae8d6eab9d7f414d45909889a63088239f2
                                                                              • Opcode Fuzzy Hash: db06d0e6f07debb19823de67407b1a598d25e632f1124a0f18002f338a14c8de
                                                                              • Instruction Fuzzy Hash: 87F15030A002099BCF14EFA5D855BEE77B6AF54304F50816DF40AAB292DF38AE45CB95
                                                                              APIs
                                                                              • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 0068553C
                                                                              • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 006856A6
                                                                              • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 006857DB
                                                                              Strings
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 0068583A
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 0068563D
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 00685434
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 0068574A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                              • String ID: .\ext\libdjvu\DjVuDocument.cpp$.\ext\libdjvu\DjVuDocument.cpp$.\ext\libdjvu\DjVuDocument.cpp$.\ext\libdjvu\DjVuDocument.cpp
                                                                              • API String ID: 116670465-2029909709
                                                                              • Opcode ID: 9b98a71136d9aa5c0b504a66fa0e85fee17e31d242eb356770b57b32b4774aec
                                                                              • Instruction ID: 83ed77ec2cf906c7165b8883d5ba29ccc076f5de7293736773585a2de475f998
                                                                              • Opcode Fuzzy Hash: 9b98a71136d9aa5c0b504a66fa0e85fee17e31d242eb356770b57b32b4774aec
                                                                              • Instruction Fuzzy Hash: FEE16970904218ABDF64EB68DC5ABDDBBB1BF54308F4081D9E10AA7282DB746F85CF51
                                                                              APIs
                                                                              • task.LIBCPMTD ref: 00599B7A
                                                                                • Part of subcall function 0059B1A0: _strncmp.LIBCMT ref: 0059B1E2
                                                                                • Part of subcall function 00552E80: task.LIBCPMTD ref: 00552EBF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: task$_strncmp
                                                                              • String ID: %c%c%c$///$//localhost/$file:
                                                                              APIs
                                                                              • Mailbox.LIBCMTD ref: 005AFDF7
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              • Mailbox.LIBCMTD ref: 005AFE22
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005AFE36
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AFECB
                                                                              Strings
                                                                              • .\ext\libdjvu\DataPool.cpp, xrefs: 005AFC9B
                                                                              • .\ext\libdjvu\DataPool.cpp, xrefs: 005AFCF3
                                                                              • .\ext\libdjvu\DataPool.cpp, xrefs: 005AFC43
                                                                              Similarity
                                                                              • API ID: Mailbox$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugException@8HeapThrow_abort_strlen
                                                                              • String ID: .\ext\libdjvu\DataPool.cpp$.\ext\libdjvu\DataPool.cpp$.\ext\libdjvu\DataPool.cpp
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 0041886B
                                                                              • _malloc.LIBCMT ref: 004188DE
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              • GetDIBits.GDI32(?,?,00000000,?,a`a,00000028,00000000), ref: 00418906
                                                                              • SetDIBits.GDI32(?,?,00000000,?,a`a,00000028,00000000), ref: 004189D2
                                                                              • ReleaseDC.USER32(00000000,?), ref: 004189EA
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Bits$AllocateHeapRelease_malloc
                                                                              • String ID: ($a`a
                                                                              APIs
                                                                                • Part of subcall function 004743C7: GetParent.USER32(?), ref: 0047441B
                                                                                • Part of subcall function 004743C7: GetLastActivePopup.USER32(?), ref: 0047442C
                                                                                • Part of subcall function 004743C7: IsWindowEnabled.USER32(?), ref: 00474440
                                                                                • Part of subcall function 004743C7: EnableWindow.USER32(?,00000000), ref: 00474453
                                                                              • EnableWindow.USER32(?,00000001), ref: 004744C6
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 004744DA
                                                                              • GetCurrentProcessId.KERNEL32 ref: 004744E4
                                                                              • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 004744FC
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00474578
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 004745BF
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                              • String ID: 0
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: %!PS-Adobe-$%!PS-Adobe-$.eps$.ps$.ps.gz$7hA
                                                                              APIs
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005FD4ED
                                                                              • Mailbox.LIBCMTD ref: 005FD52C
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005FD54B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$Mailbox
                                                                              • String ID: '.c$'.c
                                                                              APIs
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005FD64D
                                                                              • Mailbox.LIBCMTD ref: 005FD68C
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005FD6AB
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$Mailbox
                                                                              • String ID: '.c$'.c
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 0058CC5B
                                                                              • ReadFile.KERNEL32(0FFFF47D,00004E20,0058D54D,?,00000000,0058D54D), ref: 0058CC7C
                                                                              • GetLastError.KERNEL32 ref: 0058CCBA
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ErrorFileHandleLastRead
                                                                              • String ID: N$ N N$ N N$ N N
                                                                              • API String ID: 1699850967-354548074
                                                                              APIs
                                                                              • DeleteObject.GDI32(00000000), ref: 0063652C
                                                                              • std::bad_exception::~bad_exception.LIBCMTD ref: 0063653B
                                                                              • std::bad_exception::~bad_exception.LIBCMTD ref: 0063654D
                                                                              • std::bad_exception::~bad_exception.LIBCMTD ref: 0063655F
                                                                              • std::bad_exception::~bad_exception.LIBCMTD ref: 00636571
                                                                              • std::bad_exception::~bad_exception.LIBCMTD ref: 00636583
                                                                              • std::bad_exception::~bad_exception.LIBCMTD ref: 00636595
                                                                              • ~_Task_impl.LIBCPMT ref: 006365B3
                                                                              Similarity
                                                                              • API ID: std::bad_exception::~bad_exception$DeleteObjectTask_impl
                                                                              • String ID:
                                                                              • API String ID: 2682972350-0
                                                                              APIs
                                                                              • GetFocus.USER32 ref: 0063CF82
                                                                              • GetFocus.USER32 ref: 0063CF93
                                                                              • SetFocus.USER32(00000233), ref: 0063CFAB
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,0063D8C8,00000004), ref: 0063CFCA
                                                                              • ShowWindow.USER32(006C0DAA,00000000), ref: 0063CFDC
                                                                              • ShowWindow.USER32(?,00000000), ref: 0063CFEE
                                                                              • ShowWindow.USER32(?,00000000), ref: 0063D000
                                                                              Similarity
                                                                              • API ID: Window$FocusShow
                                                                              • String ID:
                                                                              • API String ID: 3888801190-0
                                                                              APIs
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                                • Part of subcall function 0059A780: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A838
                                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00689701
                                                                                • Part of subcall function 005955D0: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00595740
                                                                                • Part of subcall function 0059A680: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A760
                                                                              Strings
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 006895D8
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 00689567
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 006898F8
                                                                              • .\ext\libdjvu\DjVuDocument.cpp, xrefs: 0068950C
                                                                              • document.djvu, xrefs: 00689630
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$ProcessorVirtual$Concurrency::Exception@8RootRoot::Throw_abort_strlen
                                                                              • String ID: .\ext\libdjvu\DjVuDocument.cpp$.\ext\libdjvu\DjVuDocument.cpp$.\ext\libdjvu\DjVuDocument.cpp$.\ext\libdjvu\DjVuDocument.cpp$document.djvu
                                                                              • API String ID: 2751235732-2982384989
                                                                              APIs
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00616427
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 006164DD
                                                                              • StretchBlt.GDI32(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00CC0020), ref: 00616551
                                                                              • BitBlt.GDI32(00000000,00000000,?,?,?,00000000,?,?,00CC0020), ref: 00616589
                                                                              • DeleteDC.GDI32(00000000), ref: 00616593
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CompatibleCreateDeleteObjectSelectStretch
                                                                              • String ID: Lga
                                                                              • API String ID: 2040753879-2529689880
                                                                              APIs
                                                                                • Part of subcall function 00453930: _DebugHeapAllocator.LIBCPMTD ref: 00453987
                                                                                • Part of subcall function 00453930: _DebugHeapAllocator.LIBCPMTD ref: 00453A0C
                                                                                • Part of subcall function 00453930: _DebugHeapAllocator.LIBCPMTD ref: 00453A8D
                                                                                • Part of subcall function 00453930: _DebugHeapAllocator.LIBCPMTD ref: 00453B06
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00459D06
                                                                                • Part of subcall function 0046B924: _malloc.LIBCMT ref: 0046B942
                                                                                • Part of subcall function 0045EBF0: type_info::operator!=.LIBCMT ref: 0045EC6A
                                                                                • Part of subcall function 0045EBF0: _strncmp.LIBCMT ref: 0045ECCB
                                                                                • Part of subcall function 0045BDF0: _strncmp.LIBCMT ref: 0045BE34
                                                                              • __CxxThrowException@8.LIBCMT ref: 00459ED2
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00459F4D
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeap$_strncmp$Exception@8Throw_malloctype_info::operator!=
                                                                              • String ID: 8l$Curve$GroupOID
                                                                              • API String ID: 2627925994-2150057762
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: task
                                                                              • String ID: :$\
                                                                              • API String ID: 1384045349-1166558509
                                                                              APIs
                                                                                • Part of subcall function 00693C20: GetTempPathW.KERNEL32(000000F6,?), ref: 00693C3F
                                                                                • Part of subcall function 00693C20: GetTempFileNameW.KERNEL32(?,?,00000000,?), ref: 00693C6B
                                                                                • Part of subcall function 00693CE0: Concurrency::SchedulerPolicy::SchedulerPolicy.LIBCMTD ref: 00693D2D
                                                                                • Part of subcall function 00693CE0: RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020119,?,00000000,?,?,7F608707), ref: 00693D9E
                                                                                • Part of subcall function 00693CE0: RegEnumKeyW.ADVAPI32(?,00000000,?,00000020), ref: 00693DE8
                                                                                • Part of subcall function 00693CE0: RegCloseKey.ADVAPI32(?,?,?,7F608707), ref: 00693E1C
                                                                              • WaitForSingleObject.KERNEL32(00000000,00002710,?,00000000,?,00000000,00000000,00000000,7F608707), ref: 0069451E
                                                                              • GetExitCodeProcess.KERNEL32(00000000,00000001), ref: 0069452C
                                                                              • TerminateProcess.KERNEL32(00000000,00000001,?,00000000,?,00000000,00000000,00000000,7F608707), ref: 00694538
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,7F608707), ref: 00694542
                                                                              Strings
                                                                              • "%s" -q -dSAFER -dNOPAUSE -dBATCH -dEPSCrop -sOutputFile="%s" -sDEVICE=pdfwrite -c .setpdfwrite -f "%s", xrefs: 00694493
                                                                              • PsE, xrefs: 006943F5
                                                                              Similarity
                                                                              • API ID: CloseProcessSchedulerTemp$CodeConcurrency::EnumExitFileHandleNameObjectOpenPathPolicyPolicy::SingleTerminateWait
                                                                              • String ID: "%s" -q -dSAFER -dNOPAUSE -dBATCH -dEPSCrop -sOutputFile="%s" -sDEVICE=pdfwrite -c .setpdfwrite -f "%s"$PsE
                                                                              • API String ID: 673369863-1938544356
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _wcscpy$_wcslen$Version
                                                                              • String ID:
                                                                              • API String ID: 3976970186-0
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 0055A67B
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AllocateHeap_malloc
                                                                              • String ID: L
                                                                              • API String ID: 501242067-2909332022
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 006062FE
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AllocateHeap_malloc
                                                                              • String ID: PMGLPMGIarea$]i`$]i`
                                                                              • API String ID: 501242067-2178217169
                                                                              APIs
                                                                              • Mailbox.LIBCMTD ref: 0068C16B
                                                                              • Mailbox.LIBCMTD ref: 0068C19A
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0068C1E3
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0068C1FB
                                                                              • Mailbox.LIBCMTD ref: 0068C21F
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0068C233
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0068C24B
                                                                              Similarity
                                                                              • API ID: Mailbox$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
                                                                              • String ID:
                                                                              • API String ID: 911265522-0
                                                                              APIs
                                                                              • GetDC.USER32(0063708B), ref: 0060B0B6
                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0060B0E5
                                                                              Similarity
                                                                              • API ID: BitmapCompatibleCreate
                                                                              • String ID:
                                                                              • API String ID: 1901715728-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _memset$codecvt
                                                                              • String ID:
                                                                              • API String ID: 1418983749-0
                                                                              APIs
                                                                              • GetCurrentProcessId.KERNEL32(7F608707), ref: 0061F4DB
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0061F4E4
                                                                              • Module32FirstW.KERNEL32(000000FF,00000428), ref: 0061F50C
                                                                              • Module32NextW.KERNEL32(000000FF,00000428), ref: 0061F597
                                                                              • CloseHandle.KERNEL32(000000FF,00000008), ref: 0061F5C9
                                                                              Strings
                                                                              • Module: %08X %06X %-16s %s, xrefs: 0061F57B
                                                                              Similarity
                                                                              • API ID: Module32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                              • String ID: Module: %08X %06X %-16s %s
                                                                              • API String ID: 3675805834-188876182
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 006651AA
                                                                              • SendMessageW.USER32(?,0000113E,00000000,0000000C), ref: 006651E6
                                                                              • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00665209
                                                                              • SendMessageW.USER32(?,0000113E,00000000,00000004), ref: 0066522E
                                                                              • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00665284
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-3916222277
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0042064A
                                                                              • int.LIBCPMTD ref: 00420663
                                                                                • Part of subcall function 0041B3F0: std::_Lockit::_Lockit.LIBCPMT ref: 0041B406
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 3382485803-3145022300
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00420CEA
                                                                              • int.LIBCPMTD ref: 00420D03
                                                                                • Part of subcall function 0041B3F0: std::_Lockit::_Lockit.LIBCPMT ref: 0041B406
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 3382485803-3145022300
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00420DDA
                                                                              • int.LIBCPMTD ref: 00420DF3
                                                                                • Part of subcall function 0041B3F0: std::_Lockit::_Lockit.LIBCPMT ref: 0041B406
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 3382485803-3145022300
                                                                              APIs
                                                                              • CreateWindowExW.USER32(00000000,Spliter,009366A4,40000000,00000000,00000000,00000000,00000000,6A04C483,00000000,00400000,00000000), ref: 0063FA1D
                                                                                • Part of subcall function 00639540: CreateWindowExW.USER32(00000000,Static,009359B8,40000000,00000000,00000000,00000000,00000000,6A04C483,00000000,00400000,00000000), ref: 00639574
                                                                                • Part of subcall function 00639540: CreateWindowExW.USER32(00000000,Static,009359CC,50000000,00000000,00000000,00000000,00000000,00000000,0000042F,00400000,00000000), ref: 006395B4
                                                                                • Part of subcall function 00639540: SendMessageW.USER32(00000000,00000030,?,00000000), ref: 006395CC
                                                                                • Part of subcall function 00639540: CreateWindowExW.USER32(00000000,Static,009359EC,5000010D,00000000,00000000,00000010,00000010,?,00000430,00400000,00000000), ref: 0063961D
                                                                                • Part of subcall function 00639540: CreateWindowExW.USER32(00020000,SysTreeView32,TOC,50018A37,00000000,00000000,00000000,00000000,?,00000431,00400000,00000000), ref: 0063965A
                                                                                • Part of subcall function 00639540: SendMessageW.USER32(?,00002005,00000001,00000000), ref: 0063967C
                                                                                • Part of subcall function 00666B70: CreateWindowExW.USER32(00000000,Static,00946830,40000000,00000000,00000000,00000000,00000000,74D28500,00000000,00400000,00000000), ref: 00666BA4
                                                                                • Part of subcall function 00666B70: CreateWindowExW.USER32(00000000,Static,00946844,50000000,00000000,00000000,00000000,00000000,?,00000434,00400000,00000000), ref: 00666BE4
                                                                                • Part of subcall function 00666B70: SendMessageW.USER32(?,00000030,?,00000000), ref: 00666BFC
                                                                                • Part of subcall function 00666B70: CreateWindowExW.USER32(00000000,Static,00946864,5000010D,00000000,00000000,00000010,00000010,?,00000435,00400000,00000000), ref: 00666C4D
                                                                                • Part of subcall function 00666B70: CreateWindowExW.USER32(00020000,SysTreeView32,Fav,50018A37,00000000,00000000,00000000,00000000,?,00000436,00400000,00000000), ref: 00666C8A
                                                                                • Part of subcall function 00666B70: SendMessageW.USER32(?,00002005,00000001,00000000), ref: 00666CAC
                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?), ref: 0063FA60
                                                                              • UpdateWindow.USER32(?), ref: 0063FA70
                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?), ref: 0063FA8F
                                                                              • UpdateWindow.USER32(?), ref: 0063FA9F
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$Create$MessageSend$InvalidateRectUpdate
                                                                              • String ID: Spliter
                                                                              • API String ID: 4040533170-1810254894
                                                                              APIs
                                                                              • GetCurrentProcessId.KERNEL32 ref: 0061ED23
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0061ED2C
                                                                              • Module32FirstW.KERNEL32(000000FF,00000428), ref: 0061ED53
                                                                              • CloseHandle.KERNEL32(000000FF,000000FF,00000428,00000008,00000000), ref: 0061EDAB
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CloseCreateCurrentFirstHandleModule32ProcessSnapshotToolhelp32
                                                                              • String ID: libmupdf.dll
                                                                              • API String ID: 674967867-177917874
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name::operator+$ArgumentDecorator::getNameName::Typesoperator+
                                                                              • String ID: throw(
                                                                              • API String ID: 4203687869-3159766648
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 00605667
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              • __aullrem.LIBCMT ref: 00605687
                                                                              • _malloc.LIBCMT ref: 006057AA
                                                                              Similarity
                                                                              • API ID: _malloc$AllocateHeap__aullrem
                                                                              • String ID:
                                                                              • API String ID: 4162944462-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: FullNamePath
                                                                              • String ID: .$.\ext\libdjvu\GURL.cpp$:
                                                                              • API String ID: 608056474-2353830643
                                                                              APIs
                                                                              • _wcscpy.LIBCMT ref: 006A8BB7
                                                                                • Part of subcall function 0058D1C0: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0058D261
                                                                                • Part of subcall function 0058D1C0: GetLastError.KERNEL32 ref: 0058D291
                                                                                • Part of subcall function 0058D1C0: _wcslen.LIBCMT ref: 0058D2EC
                                                                                • Part of subcall function 0058D1C0: _strlen.LIBCMT ref: 0058D326
                                                                              • _wcscpy.LIBCMT ref: 006A8C91
                                                                              • _wcscpy.LIBCMT ref: 006A8D02
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcscpy$CreateErrorFileLast_strlen_wcslen
                                                                              • String ID: ${
                                                                              • API String ID: 2235415049-989621276
                                                                              APIs
                                                                              • _Smanip.LIBCPMTD ref: 00650884
                                                                              • CreatePopupMenu.USER32 ref: 006508D0
                                                                              • MapWindowPoints.USER32(?,00000000,00000001,00000001), ref: 00650991
                                                                              Similarity
                                                                              • API ID: CreateMenuPointsPopupSmanipWindow
                                                                              • String ID:
                                                                              • API String ID: 690772245-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Mailbox$Concurrency::cancellation_token_source::~cancellation_token_source
                                                                              • String ID:
                                                                              • API String ID: 1031117-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(-00000004), ref: 00604B9C
                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00604BE8
                                                                              • SetFilePointer.KERNEL32(?,00000000,?,00000000,?,00000000,00000000,00000001), ref: 00604C01
                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000001), ref: 00604C1E
                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000001), ref: 00604C54
                                                                              • EnterCriticalSection.KERNEL32(-00000004,?,00000000,00000000,00000001), ref: 00604C61
                                                                              Similarity
                                                                              • API ID: File$Pointer$CriticalEnterSection$Read
                                                                              • String ID:
                                                                              • API String ID: 3219017597-0
                                                                              APIs
                                                                              • ~_Task_impl.LIBCPMT ref: 00648A4F
                                                                                • Part of subcall function 00479AA4: __EH_prolog3.LIBCMT ref: 00479AAB
                                                                              • ~_Task_impl.LIBCPMT ref: 00648A61
                                                                              • ~_Task_impl.LIBCPMT ref: 00648A73
                                                                              • ~_Task_impl.LIBCPMT ref: 00648A85
                                                                                • Part of subcall function 00479B4D: __EH_prolog3.LIBCMT ref: 00479B54
                                                                              • ~_Task_impl.LIBCPMT ref: 00648A97
                                                                              • ~_Task_impl.LIBCPMT ref: 00648AA9
                                                                                • Part of subcall function 00479B1C: __EH_prolog3.LIBCMT ref: 00479B23
                                                                                • Part of subcall function 006364E0: DeleteObject.GDI32(00000000), ref: 0063652C
                                                                                • Part of subcall function 006364E0: std::bad_exception::~bad_exception.LIBCMTD ref: 0063653B
                                                                                • Part of subcall function 006364E0: std::bad_exception::~bad_exception.LIBCMTD ref: 0063654D
                                                                                • Part of subcall function 006364E0: std::bad_exception::~bad_exception.LIBCMTD ref: 0063655F
                                                                                • Part of subcall function 006364E0: std::bad_exception::~bad_exception.LIBCMTD ref: 00636571
                                                                                • Part of subcall function 006364E0: std::bad_exception::~bad_exception.LIBCMTD ref: 00636583
                                                                                • Part of subcall function 006364E0: std::bad_exception::~bad_exception.LIBCMTD ref: 00636595
                                                                                • Part of subcall function 006364E0: ~_Task_impl.LIBCPMT ref: 006365B3
                                                                                • Part of subcall function 00475E74: __EH_prolog3.LIBCMT ref: 00475E7B
                                                                              Similarity
                                                                              • API ID: Task_impl$std::bad_exception::~bad_exception$H_prolog3$DeleteObject
                                                                              • String ID:
                                                                              • API String ID: 3305452645-0
                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 004743FA
                                                                              • GetParent.USER32(?), ref: 00474408
                                                                              • GetParent.USER32(?), ref: 0047441B
                                                                              • GetLastActivePopup.USER32(?), ref: 0047442C
                                                                              • IsWindowEnabled.USER32(?), ref: 00474440
                                                                              • EnableWindow.USER32(?,00000000), ref: 00474453
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                              • String ID:
                                                                              • API String ID: 670545878-0
                                                                              • Opcode ID: d08a1d85556f009b9c643e34a1c8693b3438f22dee1cbc9b8dff886a268c7b35
                                                                              • Instruction ID: efc92e8afedb8b3a142a0f89dba9ebe8f66740e4dfa471cf591cfe56809df464
                                                                              • Opcode Fuzzy Hash: d08a1d85556f009b9c643e34a1c8693b3438f22dee1cbc9b8dff886a268c7b35
                                                                              • Instruction Fuzzy Hash: 54118F3260223197CB215B699C48FFBA698AFD5B64F15C116ED0CA7300D739CC01A2F9
                                                                              APIs
                                                                              • CreateCompatibleDC.GDI32(?), ref: 004187DD
                                                                              • SelectObject.GDI32(?), ref: 004187F0
                                                                              • SetStretchBltMode.GDI32(?,00000004), ref: 004187FF
                                                                              • StretchBlt.GDI32(?,?,?,00CC0020,?,?,00000000,00000000,?,?,00CC0020), ref: 00418834
                                                                              • SelectObject.GDI32(?,?), ref: 00418842
                                                                              • DeleteDC.GDI32(?), ref: 0041884C
                                                                              Similarity
                                                                              • API ID: ObjectSelectStretch$CompatibleCreateDeleteMode
                                                                              • String ID:
                                                                              • API String ID: 2252213659-0
                                                                              • Opcode ID: f88bf58be4d1962807004b20a05ec8a943bddf88f8f49d27efa3d864877d497a
                                                                              • Instruction ID: 5358203b09f715ebbc69fe27d9479e18d8efff58626950449f50e65e2f26628f
                                                                              • Opcode Fuzzy Hash: f88bf58be4d1962807004b20a05ec8a943bddf88f8f49d27efa3d864877d497a
                                                                              • Instruction Fuzzy Hash: 34119AB9A00209FFCB04DF94D889EAEBBB9EB8C700F109149FA05D7350C631E941CBA0
                                                                              APIs
                                                                                • Part of subcall function 004129D0: _wcslen.LIBCMT ref: 004129D7
                                                                              • GetWindowDC.USER32(4D8D006C,?,?,?,?,006382AE,4D8D006C,0063FEA9,?,?,?,?,?,?,?,00638421), ref: 0060B309
                                                                              • SendMessageW.USER32(4D8D006C,00000031,00000000,00000000), ref: 0060B31C
                                                                              • SelectObject.GDI32(0063FEA9,006382AE), ref: 0060B32D
                                                                              • GetTextExtentPoint32W.GDI32(0063FEA9,006382AE,?,?), ref: 0060B346
                                                                              • SelectObject.GDI32(0063FEA9,4D8D006C), ref: 0060B354
                                                                              • ReleaseDC.USER32(4D8D006C,0063FEA9), ref: 0060B362
                                                                              Similarity
                                                                              • API ID: ObjectSelect$ExtentMessagePoint32ReleaseSendTextWindow_wcslen
                                                                              • String ID:
                                                                              • API String ID: 3979262407-0
                                                                              • Opcode ID: 9e279c440a991cf288dc5fc6abc52b72d773d67efc165e45730e1337410eea41
                                                                              • Instruction ID: 87232e5c9c540d696fbd643f73b7496590303a5860130326d9db3fb63aad24a8
                                                                              • Opcode Fuzzy Hash: 9e279c440a991cf288dc5fc6abc52b72d773d67efc165e45730e1337410eea41
                                                                              • Instruction Fuzzy Hash: 4B117CB9A00209FFCB04DFE4DD89EEEB7B9EB48700F108549BA05D7250D674AA41DBA0
                                                                              APIs
                                                                                • Part of subcall function 0041C200: std::locale::locale.LIBCPMTD ref: 0041C211
                                                                                • Part of subcall function 00420DB0: std::_Lockit::_Lockit.LIBCPMT ref: 00420DDA
                                                                                • Part of subcall function 00420DB0: int.LIBCPMTD ref: 00420DF3
                                                                                • Part of subcall function 0041B5B0: std::locale::facet::_Decref.LIBCPMTD ref: 0041B5C6
                                                                              • numpunct.LIBCPMTD ref: 0041FBC9
                                                                              • _memmove_s.LIBCMT ref: 0041FCC8
                                                                              • std::ios_base::width.LIBCPMTD ref: 0041FE3A
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: DecrefLockitLockit::__memmove_snumpunctstd::_std::ios_base::widthstd::locale::facet::_std::locale::locale
                                                                              • String ID: @$A
                                                                              • API String ID: 1611560821-2737473870
                                                                              • Opcode ID: 27cb32d6959e4f24770e73402fd2ddaa37de97fe012836226ed45b64e4053ba4
                                                                              • Instruction ID: 3d9c250eabaafb162ef482d8ca43aa1eb84d176bc7bd1d4ae92cba5ebd8a3d62
                                                                              • Opcode Fuzzy Hash: 27cb32d6959e4f24770e73402fd2ddaa37de97fe012836226ed45b64e4053ba4
                                                                              • Instruction Fuzzy Hash: 73B12AB19001499FCB04DF98D990AEEBBB5BF48304F14425EE91AA7352D738AD46CF94
                                                                              APIs
                                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0068055B
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                                • Part of subcall function 005AFEF0: _DebugHeapAllocator.LIBCPMTD ref: 005AFF64
                                                                                • Part of subcall function 005AFEF0: _DebugHeapAllocator.LIBCPMTD ref: 005AFF93
                                                                                • Part of subcall function 00597B50: task.LIBCPMTD ref: 00597B82
                                                                              Strings
                                                                              • .\ext\libdjvu\DjVuFile.cpp, xrefs: 006803EF
                                                                              • .\ext\libdjvu\DjVuFile.cpp, xrefs: 006806CF
                                                                              • .\ext\libdjvu\DjVuFile.cpp, xrefs: 006804A5
                                                                              • .\ext\libdjvu\DjVuFile.cpp, xrefs: 0068044A
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeapProcessorVirtual$Concurrency::Exception@8RootRoot::Throw_abort_strlentask
                                                                              • String ID: .\ext\libdjvu\DjVuFile.cpp$.\ext\libdjvu\DjVuFile.cpp$.\ext\libdjvu\DjVuFile.cpp$.\ext\libdjvu\DjVuFile.cpp
                                                                              • API String ID: 3130505938-1794674360
                                                                              • Opcode ID: 74583129fd1e0e721919b7e611e8c44f2892c01b4c40c37dc1ac826d1701851d
                                                                              • Instruction ID: d206bc2efbcbf4c7b54fc7673d3b6c7a0b58416c3e22213835867669c203cba5
                                                                              • Opcode Fuzzy Hash: 74583129fd1e0e721919b7e611e8c44f2892c01b4c40c37dc1ac826d1701851d
                                                                              • Instruction Fuzzy Hash: D0B14770A002589BDF54EBA4DC55B9EBBB5BF54308F1081D9E10DAB382DB746E88CF61
                                                                              APIs
                                                                              • _strlen.LIBCMT ref: 0069B6DA
                                                                                • Part of subcall function 0069AF30: _strncmp.LIBCMT ref: 0069AF47
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _strlen_strncmp
                                                                              • String ID: CX$CX$__rar_
                                                                              • API String ID: 2202561641-2751306037
                                                                              • Opcode ID: b524cb8d521724a2f92edffc918eb0f5b7516a54240dddf847ccb56885019ecb
                                                                              • Instruction ID: 83676d329e23bfc20379935afaf273be4da0eff595767f360a3bc48c22c7bdf7
                                                                              • Opcode Fuzzy Hash: b524cb8d521724a2f92edffc918eb0f5b7516a54240dddf847ccb56885019ecb
                                                                              • Instruction Fuzzy Hash: E46118B5D00258ABCF14EEA4AD41AFE77BEAF48300F0485A9F91997601EB30D745CBE1
                                                                              APIs
                                                                                • Part of subcall function 005AE270: _DebugHeapAllocator.LIBCPMTD ref: 005AE2C6
                                                                                • Part of subcall function 005AE270: _DebugHeapAllocator.LIBCPMTD ref: 005AE2FC
                                                                                • Part of subcall function 005BDE10: _DebugHeapAllocator.LIBCPMTD ref: 005BDE74
                                                                              • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 0067EBC1
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeap$Concurrency::task_options::get_scheduler
                                                                              • String ID: BGjp$FAKE$INCL$Smmr
                                                                              • API String ID: 3547337403-3720903904
                                                                              • Opcode ID: 1b8eb801c9ebf7f94db120554638762d5523592636406a5292f4ef7f23186a26
                                                                              • Instruction ID: ce06988b439089e5338167a98477934bb5196709dac135b3f6f41f5ae7f7bd62
                                                                              • Opcode Fuzzy Hash: 1b8eb801c9ebf7f94db120554638762d5523592636406a5292f4ef7f23186a26
                                                                              • Instruction Fuzzy Hash: BB819D70E00208DBCB04EB95C956BEDBBB6FF48308F54816EE416BB281DB756D09CB61
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: rtmp%d
                                                                              • API String ID: 0-3303766350
                                                                              • Opcode ID: 10a9c091ec9b441379015f0fc57109366dd10cdf272c568d182c1adb7b38d7a8
                                                                              • Instruction ID: d73d35ab01609fdbcf02ffb3fe74e14242ea432e5733165abfddc19314f4ec93
                                                                              • Opcode Fuzzy Hash: 10a9c091ec9b441379015f0fc57109366dd10cdf272c568d182c1adb7b38d7a8
                                                                              • Instruction Fuzzy Hash: B751D771D01119AADF14EBA0DC56BFE7BBDBF44708F4445A8E909A6182FF34AB44CB60
                                                                              APIs
                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 00599BE3
                                                                              • task.LIBCPMTD ref: 00599D96
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: std::bad_exception::bad_exceptiontask
                                                                              • String ID: file://$file://localhost/$localhost/
                                                                              • API String ID: 1438045761-2282886822
                                                                              • Opcode ID: 0fcc4b7644a6aba088989d28597d36916188878fbccc59cc7ffe2e2fcafa0d43
                                                                              • Instruction ID: d4b0a95b55c583d44c988a8156ff7266b3981f51373c30a65358200893b53bdd
                                                                              • Opcode Fuzzy Hash: 0fcc4b7644a6aba088989d28597d36916188878fbccc59cc7ffe2e2fcafa0d43
                                                                              • Instruction Fuzzy Hash: D7712C75D04248DBCF04DBA8C895BEDBBB5BF59304F64816DE415AB282DB346A08CFA1
                                                                              APIs
                                                                              • MonitorFromRect.USER32(00000000,?), ref: 00620DA7
                                                                              • GetMonitorInfoW.USER32(00000000), ref: 00620DAE
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00620DC2
                                                                              • GetSystemMetrics.USER32(00000004), ref: 00620E4B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: InfoMonitorSystem$FromMetricsParametersRect
                                                                              • String ID: (
                                                                              • API String ID: 171409638-3887548279
                                                                              • Opcode ID: 556f8b007a362b1ab3ee95644f5a8bfc4cc9d9b30289876c94d554a0ed9e38b0
                                                                              • Instruction ID: 0f3dd3f43ca62b7f1a2b8415585f439a72238298f88963b718264c9951d73670
                                                                              • Opcode Fuzzy Hash: 556f8b007a362b1ab3ee95644f5a8bfc4cc9d9b30289876c94d554a0ed9e38b0
                                                                              • Instruction Fuzzy Hash: A8513C74900208EFDB04DFA9D985EDDBBB5FF48304F14C199E509AB251DB31AA82CF90
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000047D,00000000,00000001), ref: 004178D5
                                                                              • SetFocus.USER32(?,00000000,00000BB8,?,00000000), ref: 00417A0C
                                                                                • Part of subcall function 00637FA0: _calloc.LIBCMT ref: 00637FB6
                                                                              Strings
                                                                              • No matches were found, xrefs: 0041792F
                                                                              • Found text at page %s, xrefs: 00417985
                                                                              • Found text at page %s (again), xrefs: 004179B0
                                                                              Similarity
                                                                              • API ID: FocusMessageSend_calloc
                                                                              • String ID: Found text at page %s$Found text at page %s (again)$No matches were found
                                                                              • API String ID: 831765770-2404485207
                                                                              • Opcode ID: 6201d761cbadf1f97ea28d8d5aa82ad48fa24edd5a31bbe2def3f40fa68af746
                                                                              • Instruction ID: 481ea201f311590427f549a0eb3b61c11d112cf533f3fc5199c84433452c9789
                                                                              • Opcode Fuzzy Hash: 6201d761cbadf1f97ea28d8d5aa82ad48fa24edd5a31bbe2def3f40fa68af746
                                                                              • Instruction Fuzzy Hash: FC418CB4A44109AFDB08EF50D891EAFB7B6BF95304F148159F8065B382DB34EE41CBA5
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 006798F6
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              • _malloc.LIBCMT ref: 0067990B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _malloc$AllocateHeap
                                                                              • String ID: 1.2.5$out of memory$out of memory
                                                                              • API String ID: 680241177-993422910
                                                                              • Opcode ID: c8d260adced40d5f5df6d09420bddff6eedf01d106f84650d9909d8e245a5394
                                                                              • Instruction ID: 2de1b0e76d00aa3a49e64d6498716edc2b709582a82f1cf68430216d2a0ce16d
                                                                              • Opcode Fuzzy Hash: c8d260adced40d5f5df6d09420bddff6eedf01d106f84650d9909d8e245a5394
                                                                              • Instruction Fuzzy Hash: 464119B4A00208EFDB04DF54C485A997BB1BB48358F208659F9598F382D731EE86CFD1
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 00423B8B
                                                                                • Part of subcall function 00493B45: __calloc_impl.LIBCMT ref: 00493B5A
                                                                              • GetDC.USER32(00000000), ref: 00423BF1
                                                                              • GetDIBits.GDI32(0062F544,?,00000000,?,0000003A,?,00000000), ref: 00423C1A
                                                                              • ReleaseDC.USER32(00000000,0062F544), ref: 00423C62
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: BitsRelease__calloc_impl_calloc
                                                                              • String ID: :
                                                                              • API String ID: 752628476-336475711
                                                                              • Opcode ID: 6ea0bf4da8ec5b68f969e0ae09d1307c99d55761d4ed9fa39af1651daa018182
                                                                              • Instruction ID: d0a87162ca9777acfc5cf049a443ae04136a8d0d4c5bf104cd55679e2b19d28a
                                                                              • Opcode Fuzzy Hash: 6ea0bf4da8ec5b68f969e0ae09d1307c99d55761d4ed9fa39af1651daa018182
                                                                              • Instruction Fuzzy Hash: 9941D4B5E00209DFDB04CF94D985BAEFBB1FF48300F14819AE915AB391D775AA41CBA4
                                                                              APIs
                                                                              Strings
                                                                              • OS: Windows %s %d.%d build %d %s, xrefs: 0061FA5E
                                                                              • OS: Windows %s build %d %s, xrefs: 0061F9FC
                                                                              • OS: Windows %s SP%d build %d %s, xrefs: 0061FA2E
                                                                              Similarity
                                                                              • API ID: Version_memset
                                                                              • String ID: OS: Windows %s %d.%d build %d %s$OS: Windows %s SP%d build %d %s$OS: Windows %s build %d %s
                                                                              • API String ID: 963298953-3975248952
                                                                              • Opcode ID: 322ebb1f566e2e0cc2bdc24f21d5b73c52fe2968cc9b1e16c083c0a3ff030652
                                                                              • Instruction ID: 488eb04c9567285fa3507a4b748aed672d446ab06c782295ccf315ff90169af1
                                                                              • Opcode Fuzzy Hash: 322ebb1f566e2e0cc2bdc24f21d5b73c52fe2968cc9b1e16c083c0a3ff030652
                                                                              • Instruction Fuzzy Hash: 24411DB5D00218EBDB24EF99DC81AEEB7B5AF48300F1445A9A609A7241D7385F85CF94
                                                                              APIs
                                                                              • GetScrollInfo.USER32(?,00000000,0000001C), ref: 0063B500
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: InfoScroll
                                                                              • String ID: &)d$&)d
                                                                              • API String ID: 629608716-1612279354
                                                                              • Opcode ID: a4c2d9c1b7bf2941e83d41e048dd1f223d8b23359fb70ba3b1d79bda471966e1
                                                                              • Instruction ID: c8d856c89c9a84cf111b79bad2f6b7a4a77681a8daf5d1cdf8682c8824d67b5c
                                                                              • Opcode Fuzzy Hash: a4c2d9c1b7bf2941e83d41e048dd1f223d8b23359fb70ba3b1d79bda471966e1
                                                                              • Instruction Fuzzy Hash: 4C41C5B0E04209EFDB08CF95C895AAEBBB2FF48314F10915DE615AB354D734AA41CF94
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 006367F8
                                                                              • SendMessageW.USER32(?,00000418,00000000,0000012C), ref: 00636868
                                                                              • SendMessageW.USER32(?,?,00000000,00000030), ref: 006368B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend$_memset
                                                                              • String ID: 0
                                                                              APIs
                                                                                • Part of subcall function 00402690: _strlen.LIBCMT ref: 004026D6
                                                                              • __CxxThrowException@8.LIBCMT ref: 004434A9
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionException@8RaiseThrow_strlen
                                                                              • String ID: %-@$8l$InputBuffer$StringStore: missing InputBuffer argument
                                                                              APIs
                                                                              • LoadResource.KERNEL32(00000000,&+A,&+A,?,00412B26,00000000), ref: 004128DE
                                                                              • LockResource.KERNEL32(00000000), ref: 004128F8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Resource$LoadLock
                                                                              • String ID: &+A$&+A
                                                                              APIs
                                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0062525A
                                                                              • InitializeCriticalSection.KERNEL32(qUb,00000000,?,00625571,?,?,?,?,00416694), ref: 006252D3
                                                                              • InitializeCriticalSection.KERNEL32(qUb,?,00625571,?,?,?,?,00416694), ref: 006252E0
                                                                              • _memset.LIBCMT ref: 006252F1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalInitializeProcessorSectionVirtual$Concurrency::RootRoot::_memset
                                                                              • String ID: qUb
                                                                              APIs
                                                                              • MonitorFromWindow.USER32(0063E5C5,00000002), ref: 0060B6BB
                                                                              • GetMonitorInfoW.USER32(00000000), ref: 0060B6C2
                                                                              • GetSystemMetrics.USER32(00000001), ref: 0060B6E3
                                                                              • GetSystemMetrics.USER32(00000000), ref: 0060B6EC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MetricsMonitorSystem$FromInfoWindow
                                                                              • String ID: (
                                                                              APIs
                                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00624DAA
                                                                              • InitializeCriticalSection.KERNEL32(ATb), ref: 00624E19
                                                                              • InitializeCriticalSection.KERNEL32(ATb), ref: 00624E26
                                                                              • _memset.LIBCMT ref: 00624E37
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalInitializeProcessorSectionVirtual$Concurrency::RootRoot::_memset
                                                                              • String ID: ATb
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00620733
                                                                              • GetCurrentThread.KERNEL32 ref: 0062074B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CurrentThread
                                                                              • String ID: RtlCaptureContext$Thread: %x$kernel32.dll
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 004B8038
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 004B8055
                                                                                • Part of subcall function 004B7FAA: std::runtime_error::runtime_error.LIBCPMTD ref: 004B7FB5
                                                                              • __CxxThrowException@8.LIBCMT ref: 004B8063
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              • std::runtime_error::runtime_error.LIBCPMTD ref: 004B8074
                                                                                • Part of subcall function 00401410: std::exception::exception.LIBCMT ref: 0040143D
                                                                              Strings
                                                                              • invalid string position, xrefs: 004B803D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: std::runtime_error::runtime_error$ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::exception::exception
                                                                              • String ID: invalid string position
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3029479670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3029989732.000000000097F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030003075.0000000000982000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030063603.00000000009DD000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030075133.00000000009E0000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009E2000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030086165.00000000009F6000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.3030110545.00000000009FC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: _memset_strlen
                                                                              • String ID:
                                                                              • API String ID: 2279092321-0
                                                                              APIs
                                                                              • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00636C9B
                                                                              • Concurrency::SchedulerPolicy::SchedulerPolicy.LIBCMTD ref: 00636E31
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00636EA5
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00636EB3
                                                                              • _memset.LIBCMT ref: 0063701B
                                                                                • Part of subcall function 00421670: GetDC.USER32(00000233), ref: 0042167A
                                                                                • Part of subcall function 00421670: GetDeviceCaps.GDI32(?,0000005A), ref: 00421689
                                                                                • Part of subcall function 00421670: ReleaseDC.USER32(?,?), ref: 004216CC
                                                                                • Part of subcall function 0046B924: _malloc.LIBCMT ref: 0046B942
                                                                                • Part of subcall function 0060B070: GetDC.USER32(0063708B), ref: 0060B0B6
                                                                              Similarity
                                                                              • API ID: Concurrency::Iterator_baseIterator_base::_ProcessorSchedulerVirtualstd::_$CapsDevicePolicyPolicy::ReleaseRootRoot::_malloc_memset
                                                                              • String ID:
                                                                              • API String ID: 1347920537-0
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              APIs
                                                                              • codecvt.LIBCPMTD ref: 006369D4
                                                                              • codecvt.LIBCPMTD ref: 00636A02
                                                                              • codecvt.LIBCPMTD ref: 00636A7A
                                                                              • codecvt.LIBCPMTD ref: 00636AA8
                                                                              • codecvt.LIBCPMTD ref: 00636B08
                                                                                • Part of subcall function 0048FF1E: __lock.LIBCMT ref: 0048FF3C
                                                                                • Part of subcall function 0048FF1E: ___sbh_find_block.LIBCMT ref: 0048FF47
                                                                                • Part of subcall function 0048FF1E: ___sbh_free_block.LIBCMT ref: 0048FF56
                                                                                • Part of subcall function 0048FF1E: HeapFree.KERNEL32(00000000,00000000,00961388,0000000C,00614CB6,00000000,-00000104), ref: 0048FF86
                                                                                • Part of subcall function 0048FF1E: GetLastError.KERNEL32 ref: 0048FF97
                                                                              Similarity
                                                                              • API ID: codecvt$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__lock
                                                                              • String ID:
                                                                              • API String ID: 2864350399-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              APIs
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005AEB00
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005AEB7B
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AEBD2
                                                                              Similarity
                                                                              • API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_source
                                                                              • String ID:
                                                                              • API String ID: 1790055310-0
                                                                              APIs
                                                                              • GetWindowLongW.USER32(00000233,000000EC), ref: 0063D877
                                                                              • GetDlgItem.USER32(?,0000042F), ref: 0063D913
                                                                              • GetDlgItem.USER32(?,00000434), ref: 0063D961
                                                                              Similarity
                                                                              • API ID: Item$LongWindow
                                                                              • String ID:
                                                                              • API String ID: 3126566820-0
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(-00000034,?,?), ref: 00604850
                                                                              • _malloc.LIBCMT ref: 00604873
                                                                              Similarity
                                                                              • API ID: CriticalEnterSection_malloc
                                                                              • String ID:
                                                                              • API String ID: 3534217795-0
                                                                              APIs
                                                                              • CreatePopupMenu.USER32 ref: 00650FF3
                                                                                • Part of subcall function 00650450: AppendMenuW.USER32(00650BEF,00000800,00000000,00000000), ref: 006504E6
                                                                                • Part of subcall function 00650450: AppendMenuW.USER32(00650BEF,00000000,00650BEF,00000000), ref: 0065051E
                                                                                • Part of subcall function 004157A0: CheckMenuItem.USER32(?,?,?), ref: 004157B7
                                                                              • MapWindowPoints.USER32(000000F6,00000000,?,00000001), ref: 00651040
                                                                              • TrackPopupMenu.USER32(?,00000102,?,006418EB,00000000,00000233,00000000), ref: 00651062
                                                                              • codecvt.LIBCPMTD ref: 006510F6
                                                                              • DestroyMenu.USER32(?), ref: 0065112A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Menu$AppendPopup$CheckCreateDestroyItemPointsTrackWindowcodecvt
                                                                              • String ID:
                                                                              • API String ID: 662570454-0
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0058D261
                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,?,00000000), ref: 0058D282
                                                                                • Part of subcall function 0058EA60: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,00000000,?,0058D35C,00000000,?,01000000), ref: 0058EA84
                                                                              • GetLastError.KERNEL32 ref: 0058D291
                                                                              • _wcslen.LIBCMT ref: 0058D2EC
                                                                              • _strlen.LIBCMT ref: 0058D326
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateFile$ByteCharErrorLastMultiWide_strlen_wcslen
                                                                              • String ID:
                                                                              • API String ID: 3577138560-0
                                                                              APIs
                                                                              • Mailbox.LIBCMTD ref: 005AE199
                                                                              • Mailbox.LIBCMTD ref: 005AE1B5
                                                                              • Mailbox.LIBCMTD ref: 005AE1CE
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005AE1E2
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AE249
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Mailbox$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
                                                                              • String ID:
                                                                              • API String ID: 911265522-0
                                                                              APIs
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00596358
                                                                                • Part of subcall function 00439D30: Mailbox.LIBCMTD ref: 00439D5D
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005963BE
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005963E2
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0059640E
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00596426
                                                                                • Part of subcall function 00595D10: _DebugHeapAllocator.LIBCPMTD ref: 00595DE2
                                                                                • Part of subcall function 00595D10: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00595DF7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap$Iterator_baseIterator_base::_Mailboxstd::_
                                                                              • String ID:
                                                                              • API String ID: 4240711152-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: __aligned_free_memcpy_s_memset
                                                                              • String ID:
                                                                              • API String ID: 131021279-0
                                                                              APIs
                                                                                • Part of subcall function 0061DDB0: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 0061DDD1
                                                                              • CreateFileW.KERNEL32(?,00000001,00000007,00000000,00000003,42000000,00000000), ref: 0061E096
                                                                              • _memset.LIBCMT ref: 0061E0BB
                                                                              • _memset.LIBCMT ref: 0061E0D1
                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0061E0E1
                                                                              • ReadDirectoryChangesW.KERNEL32(?,00000233,00002000,00000000,00000010,00000000,?,00000000), ref: 0061E121
                                                                                • Part of subcall function 0061DD20: SetEvent.KERNEL32(E58BF845,?,?,00419C31), ref: 0061DD31
                                                                                • Part of subcall function 0061DD20: WaitForSingleObject.KERNEL32(8B000000,000000FF), ref: 0061DD4F
                                                                                • Part of subcall function 0061DD20: CloseHandle.KERNEL32(8B000000), ref: 0061DD5F
                                                                                • Part of subcall function 0061DD20: CloseHandle.KERNEL32(00F845C7), ref: 0061DD7C
                                                                                • Part of subcall function 0061DD20: CloseHandle.KERNEL32(00000000), ref: 0061DD95
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseHandle$CreateEventObjectSingleWait_memset$ChangesDirectoryFileRead
                                                                              • String ID:
                                                                              • API String ID: 76358834-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: codecvt
                                                                              • String ID:
                                                                              • API String ID: 3662085145-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Line$Move
                                                                              • String ID:
                                                                              • API String ID: 3367123170-0
                                                                              APIs
                                                                              • CreatePen.GDI32(00000005,00000000,00000000), ref: 00639A26
                                                                              • SelectObject.GDI32(?,?), ref: 00639A37
                                                                              • SelectObject.GDI32(?,?), ref: 00639A63
                                                                              • Rectangle.GDI32(?,?,?,?,?), ref: 00639A8B
                                                                              • DeleteObject.GDI32(?), ref: 00639A95
                                                                              Similarity
                                                                              • API ID: Object$Select$CreateDeleteRectangle
                                                                              • String ID:
                                                                              • API String ID: 3451791924-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 2000$NT %d.%d$Server 2003$Vista
                                                                              • API String ID: 0-1835974898
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 0049D52C
                                                                                • Part of subcall function 0049A071: __getptd_noexit.LIBCMT ref: 0049A074
                                                                                • Part of subcall function 0049A071: __amsg_exit.LIBCMT ref: 0049A081
                                                                              • __amsg_exit.LIBCMT ref: 0049D54C
                                                                              • __lock.LIBCMT ref: 0049D55C
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0049D579
                                                                              • InterlockedIncrement.KERNEL32(027D2D50), ref: 0049D5A4
                                                                              Similarity
                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 4271482742-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CaptureCursor$Release
                                                                              • String ID:
                                                                              • API String ID: 4250036110-0
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 004170B3
                                                                              • GetParent.USER32(00000000), ref: 004170BA
                                                                              • GetDlgItem.USER32(?,00003021), ref: 004170CC
                                                                              • SetWindowLongW.USER32(?,000000FC,00649980), ref: 004170E0
                                                                              • SetWindowLongW.USER32(?,000000EB,?), ref: 004170F3
                                                                              Similarity
                                                                              • API ID: LongParentWindow$Item
                                                                              • String ID:
                                                                              • API String ID: 4246766449-0
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: char_traits
                                                                              • String ID:
                                                                              • API String ID: 1158913984-3916222277
                                                                              APIs
                                                                                • Part of subcall function 00462040: __CxxThrowException@8.LIBCMT ref: 004620F2
                                                                                • Part of subcall function 004437D0: __CxxThrowException@8.LIBCMT ref: 00443885
                                                                              • __CxxThrowException@8.LIBCMT ref: 00461A68
                                                                              • _memset.LIBCMT ref: 00461B24
                                                                              Strings
                                                                              • BaseN_Decoder, xrefs: 004619C8
                                                                              • BaseN_Decoder: Log2Base must be between 1 and 7 inclusive, xrefs: 00461A3E
                                                                              Similarity
                                                                              • API ID: Exception@8Throw$_memset
                                                                              • String ID: BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive
                                                                              • API String ID: 688418471-2570249901
                                                                              APIs
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00634728
                                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00634737
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Iterator_baseIterator_base::_std::_
                                                                              • String ID: /#STRINGS$/#WINDOWS
                                                                              • API String ID: 370429920-197354952
                                                                              • Opcode ID: 12e3f852c05fdef905195e1f23531a0e9bb461312bb449e21285e6a1c9d4ce57
                                                                              • Instruction ID: 0b12da4c9769bf96d7099bab273a58ed4d2111153a492d948016c226462c8af8
                                                                              • Opcode Fuzzy Hash: 12e3f852c05fdef905195e1f23531a0e9bb461312bb449e21285e6a1c9d4ce57
                                                                              • Instruction Fuzzy Hash: 0D816071D00248EBCB04DBE4D851BFEFB76AF95314F54819DE4156B282EB38AB44CBA4
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000143,00000000,00000000), ref: 00621401
                                                                                • Part of subcall function 0060BCD0: RegOpenKeyExW.KERNEL32(00000000,00020019,00000000,00020019,00000000,80000002), ref: 0060BCF6
                                                                                • Part of subcall function 0060BCD0: RegQueryValueExW.ADVAPI32(80000002,00000000,00000000,00000000,00000000,?), ref: 0060BD17
                                                                                • Part of subcall function 0060BCD0: _calloc.LIBCMT ref: 0060BD31
                                                                                • Part of subcall function 0060BCD0: RegQueryValueExW.ADVAPI32(80000002,00000000,00000000,00000000,00000000,?), ref: 0060BD50
                                                                                • Part of subcall function 0060BCD0: RegCloseKey.ADVAPI32(80000002), ref: 0060BD71
                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0062137D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: MessageQuerySendValue$CloseOpen_calloc
                                                                              • String ID: "%s" %s$notepad %f
                                                                              • API String ID: 1028837981-3891692191
                                                                              • Opcode ID: 85c4a3d925f2e824d8562a4ab49e5abf110c387b869737cb0c8cae65d6340c95
                                                                              • Instruction ID: 1c891703758e0d806e0e30931f8873797e34e2c4b1cb76b399dc134b845e5dff
                                                                              • Opcode Fuzzy Hash: 85c4a3d925f2e824d8562a4ab49e5abf110c387b869737cb0c8cae65d6340c95
                                                                              • Instruction Fuzzy Hash: 6A717E71D00119DBCB08DF94D846EFEB7BAFB65304F14412EE116AB682DB34AA40CFA5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ?
                                                                              • API String ID: 0-1684325040
                                                                              • Opcode ID: b8ab814a512ae2210bc018a83c3134e1292534f708ea0aebe5f4761ffaf2a59c
                                                                              • Instruction ID: d7401c8c23224a56a999dec747aaef169654aff94e5ef08ca2be9b4d923177bd
                                                                              • Opcode Fuzzy Hash: b8ab814a512ae2210bc018a83c3134e1292534f708ea0aebe5f4761ffaf2a59c
                                                                              • Instruction Fuzzy Hash: 9B51BF70904119ABCF148F91E9A16FE77BBAF45701F14D05AFC659A740E338CA91EBA0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: _wcscpy
                                                                              • String ID: rar
                                                                              • API String ID: 3048848545-1792618458
                                                                              • Opcode ID: fd3f1c536aa413ece637b8ae6a741943ca8ae3ab53c6ea70c39df8e0f686b169
                                                                              • Instruction ID: 4810a21e823684e691725214c68d609ce3fb261c851efded21c4b81136cd8238
                                                                              • Opcode Fuzzy Hash: fd3f1c536aa413ece637b8ae6a741943ca8ae3ab53c6ea70c39df8e0f686b169
                                                                              • Instruction Fuzzy Hash: 7651C1B5900119ABCB18EF50CC92AFE7B75FF54300F5085A9F915AB281EF349E44CBA1
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: swprintf
                                                                              • String ID: $$$$l
                                                                              • API String ID: 233258989-1469801561
                                                                              • Opcode ID: a9b85625c491c1e54c7bf65cb2139b05fd2bec2af2b0fa107b82a6f103208a28
                                                                              • Instruction ID: cd43b89c9ca6c2b41783396c2bf020c1544704b23ca641f60351636eec085647
                                                                              • Opcode Fuzzy Hash: a9b85625c491c1e54c7bf65cb2139b05fd2bec2af2b0fa107b82a6f103208a28
                                                                              • Instruction Fuzzy Hash: 06616BB490060DDBDF14DF56D944BEE7BB4FF88300F0080DAE99862281CB399AA5CB59
                                                                              APIs
                                                                              • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 005FFCBB
                                                                              • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 005FFD0C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::task_options::get_scheduler
                                                                              • String ID: ANTa$ANTz
                                                                              • API String ID: 2117871860-70243402
                                                                              • Opcode ID: 88ef820c03091297d3ae6109946625560da08f1a11aa3e6673d14fc495e98c06
                                                                              • Instruction ID: c18eb48a26f1e2816471326b57dea3fab203f02fe11aeddd14bdcadc2fdd4ff9
                                                                              • Opcode Fuzzy Hash: 88ef820c03091297d3ae6109946625560da08f1a11aa3e6673d14fc495e98c06
                                                                              • Instruction Fuzzy Hash: 9B517D70D0020DDBCB04EBA5D855AEEBBB4BF14308F54416DF412AB2D2EF386A09DB95
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: swprintf
                                                                              • String ID: $$$$l
                                                                              • API String ID: 233258989-1469801561
                                                                              • Opcode ID: 15859a2536baf8da2bcf2dc322f16deee634910dfe06324e0cd50848fde29d66
                                                                              • Instruction ID: 8fe345f8919dcf1d0936b4d350f27d615ef76b925fb94bbd613d379438b4c342
                                                                              • Opcode Fuzzy Hash: 15859a2536baf8da2bcf2dc322f16deee634910dfe06324e0cd50848fde29d66
                                                                              • Instruction Fuzzy Hash: 19516E74D0421DDBDF14DF96D994BEEBBB4FF44300F00809AE95962281CB38AAA5CF59
                                                                              APIs
                                                                              • Mailbox.LIBCMTD ref: 005AD332
                                                                              • Mailbox.LIBCMTD ref: 005AD36C
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AD41B
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              Strings
                                                                              • .\ext\libdjvu\DataPool.cpp, xrefs: 005AD2B7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Mailbox$Concurrency::cancellation_token_source::~cancellation_token_sourceException@8Throw_abort_strlen
                                                                              • String ID: .\ext\libdjvu\DataPool.cpp
                                                                              • API String ID: 246122283-651871522
                                                                              • Opcode ID: f1406289287acef29b6137c1d75b8490087ccec0250b9f7644deccbc3779ba23
                                                                              • Instruction ID: 819fb3ca19ad76b8cbb0beadbea8f2f54818dc1f4f41f4d7e0153c86504e9d29
                                                                              • Opcode Fuzzy Hash: f1406289287acef29b6137c1d75b8490087ccec0250b9f7644deccbc3779ba23
                                                                              • Instruction Fuzzy Hash: 2151E871D0020ADFCF04DF94C895AEEBBB1FF49308F10851AE5266B285D778AA45CFA4
                                                                              APIs
                                                                              • GetFullPathNameA.KERNEL32(0000002E,00000104,?,0059936C,00000105,7F608707), ref: 0055345B
                                                                                • Part of subcall function 005A0100: task.LIBCPMTD ref: 005A01AD
                                                                              • __chdir.LIBCMT ref: 0055336B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: FullNamePath__chdirtask
                                                                              • String ID: .$.\ext\libdjvu\GOS.cpp
                                                                              • API String ID: 3480960552-478332086
                                                                              • Opcode ID: bff465b01d599633bd265d7dced71711c2ee5f349034225d58412337615bfd5a
                                                                              • Instruction ID: 7a94a5c6b5100da0ea5a704844c041dfe5e6ceafe8ac76ad1e07ab394dd2635b
                                                                              • Opcode Fuzzy Hash: bff465b01d599633bd265d7dced71711c2ee5f349034225d58412337615bfd5a
                                                                              • Instruction Fuzzy Hash: D4515AB1D042889BDF14DFE4D896BEEBFB4BF44304F20412EE515AB281DB746A48CB91
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LZXC$vk`$vk`
                                                                              • API String ID: 0-610516502
                                                                              • Opcode ID: 2af3851354f5bd4a38d69e587d4391663be8e9d492138b05b6856b927186c486
                                                                              • Instruction ID: e6e1fdf1347c92091ea43627a34917c27294744a008aa1416f972417fb795ec2
                                                                              • Opcode Fuzzy Hash: 2af3851354f5bd4a38d69e587d4391663be8e9d492138b05b6856b927186c486
                                                                              • Instruction Fuzzy Hash: A9412EB5650649EBCB08DF58DC81D9B33A6BF88314F148918F92A8B382E730E951CF94
                                                                              APIs
                                                                              • Concurrency::cancellation_token::none.LIBCPMTD ref: 00411756
                                                                                • Part of subcall function 004919BA: type_info::_Name_base.LIBCMT ref: 004919C3
                                                                              • __CxxThrowException@8.LIBCMT ref: 00411868
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token::noneExceptionException@8Name_baseRaiseThrowtype_info::_
                                                                              • String ID: 8l$: Missing required parameter '
                                                                              • API String ID: 184721760-2688136609
                                                                              • Opcode ID: 4b853021ece5d990228ff1f00babafdc6204810cd3a70ebe856d48b0a4d027b2
                                                                              • Instruction ID: e3e3d6b95b790bafeb39d7fafa58ca9f6dc9e53f067120a40b8e0f74320d2e0b
                                                                              • Opcode Fuzzy Hash: 4b853021ece5d990228ff1f00babafdc6204810cd3a70ebe856d48b0a4d027b2
                                                                              • Instruction Fuzzy Hash: 88512771D04258DBDB14DBA5DC51FDDB7B4AB48304F1085EEE50AB7281EB346A88CF64
                                                                              APIs
                                                                                • Part of subcall function 00419420: EnterCriticalSection.KERNEL32(?,<_a,?,0061474A,?,?,?,00615F3C), ref: 00419435
                                                                              • GetTickCount.KERNEL32 ref: 00614891
                                                                                • Part of subcall function 00419450: LeaveCriticalSection.KERNEL32(<_a,<_a,?,00614777), ref: 0041945D
                                                                              • GetTickCount.KERNEL32 ref: 00614932
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CountCriticalSectionTick$EnterLeave
                                                                              • String ID: Nca$Nca
                                                                              • API String ID: 1992965235-2187002714
                                                                              • Opcode ID: 26e2bdbca7e43f51d5712c18318c30f5ff8ddda6d856bb5295266d4a7d3d07a6
                                                                              • Instruction ID: 73bb12d4afa387b1bd9986aea3a85c14a837f278ef0b0c79e1c916316ee04324
                                                                              • Opcode Fuzzy Hash: 26e2bdbca7e43f51d5712c18318c30f5ff8ddda6d856bb5295266d4a7d3d07a6
                                                                              • Instruction Fuzzy Hash: E6412C74A0020ADFCB09DF94C5959EEBBB2FF55304F5482A9D819AF345DB31AE81CB90
                                                                              APIs
                                                                              • AppendMenuW.USER32(00650BEF,00000800,00000000,00000000), ref: 006504E6
                                                                              • AppendMenuW.USER32(00650BEF,00000000,00650BEF,00000000), ref: 0065051E
                                                                                • Part of subcall function 00637FA0: _calloc.LIBCMT ref: 00637FB6
                                                                              • AppendMenuW.USER32(00650BEF,00000000,00650BEF,?), ref: 0065054B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: AppendMenu$_calloc
                                                                              • String ID: -----
                                                                              • API String ID: 260452380-4165711970
                                                                              • Opcode ID: fc63700ab9602d042da39409a48c6c8568eb48f54d881df6b01d8bd6c7cf8c9e
                                                                              • Instruction ID: 26db76c5a86f519f98f2b926ec32489d747fdd50daa218e13d0c7d3ebce76ec4
                                                                              • Opcode Fuzzy Hash: fc63700ab9602d042da39409a48c6c8568eb48f54d881df6b01d8bd6c7cf8c9e
                                                                              • Instruction Fuzzy Hash: 7D3182B5E00209EBDB04DF94D846EBEB7B7FF44301F148158EA16A7281E630EA05CFA5
                                                                              APIs
                                                                              • codecvt.LIBCPMTD ref: 005FB3F1
                                                                                • Part of subcall function 005FA110: _fprintf.LIBCMT ref: 005FA129
                                                                                • Part of subcall function 005FA110: _abort.LIBCMT ref: 005FA131
                                                                              Strings
                                                                              • .\ext\libdjvu\miniexp.cpp, xrefs: 005FB2E4
                                                                              • .\ext\libdjvu\miniexp.cpp, xrefs: 005FB396
                                                                              • .\ext\libdjvu\miniexp.cpp, xrefs: 005FB341
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: _abort_fprintfcodecvt
                                                                              • String ID: .\ext\libdjvu\miniexp.cpp$.\ext\libdjvu\miniexp.cpp$.\ext\libdjvu\miniexp.cpp
                                                                              • API String ID: 2314832671-2753423717
                                                                              • Opcode ID: cfe0ff55a6dcc9d6a6323e3c195a32e00e2109a80d8cd2b9b39ab8e9edd2a864
                                                                              • Instruction ID: ad5231a97c9926f5c8d8bf7fb28ddcc613299e27b7de4f2600fbbb55c937ab6f
                                                                              • Opcode Fuzzy Hash: cfe0ff55a6dcc9d6a6323e3c195a32e00e2109a80d8cd2b9b39ab8e9edd2a864
                                                                              • Instruction Fuzzy Hash: 05319CB4D4824DDBEB04DFD4E886B7DBBB1BB44304F244459E6056B3A0E7B96E40DB82
                                                                              APIs
                                                                              • task.LIBCPMTD ref: 006A381E
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 006A3836
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              Strings
                                                                              • .\ext\libdjvu\DjVuNavDir.cpp, xrefs: 006A37D4
                                                                              • .\ext\libdjvu\DjVuNavDir.cpp, xrefs: 006A3784
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceException@8Throw_abort_strlentask
                                                                              • String ID: .\ext\libdjvu\DjVuNavDir.cpp$.\ext\libdjvu\DjVuNavDir.cpp
                                                                              • API String ID: 4029378652-2997515223
                                                                              • Opcode ID: 91c8cd1e722dacaa75ae0ecc973141f5140348bd9c6f56e9e49a61405aca3b6a
                                                                              • Instruction ID: 6821154a83d8c8a9c0a71e5f61a4765d011f87dd8adb60228122e78bc470de10
                                                                              • Opcode Fuzzy Hash: 91c8cd1e722dacaa75ae0ecc973141f5140348bd9c6f56e9e49a61405aca3b6a
                                                                              • Instruction Fuzzy Hash: 7B316970900248EBCF10EF98D852B9EBBB4FF54308F148119F415AB391DB78AA06CB55
                                                                              APIs
                                                                              • codecvt.LIBCPMTD ref: 0041A4DE
                                                                                • Part of subcall function 00637FA0: _calloc.LIBCMT ref: 00637FB6
                                                                              • MessageBoxW.USER32(?,00000000,Haihaisoft PDF Reader Update), ref: 0041A4B6
                                                                              Strings
                                                                              • Haihaisoft PDF Reader Update, xrefs: 0041A49E
                                                                              • Can't connect to the Internet (error %#x)., xrefs: 0041A469
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Message_calloccodecvt
                                                                              • String ID: Can't connect to the Internet (error %#x).$Haihaisoft PDF Reader Update
                                                                              • API String ID: 3663632798-883611983
                                                                              • Opcode ID: 5fa02ecbbdcefb57553b0c278469c937561dfb656f19c5a8d702a5101b046a17
                                                                              • Instruction ID: 80c61090a8988cbf174374d8d9257f1b7ef450ab61991dca5e5f3dec187565e1
                                                                              • Opcode Fuzzy Hash: 5fa02ecbbdcefb57553b0c278469c937561dfb656f19c5a8d702a5101b046a17
                                                                              • Instruction Fuzzy Hash: 1D31C3B4E001199FDB08DF90D949EBFB7B2AF84304F14819DE40567382D778AE40CBA6
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000113E,00000000,0000000C), ref: 00638DC9
                                                                              • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00638E4D
                                                                              • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00638E75
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-3916222277
                                                                              • Opcode ID: 0662551a99972fb8d49438fe6d5820137a45defddd13b0f33dad5cf4d344d9fc
                                                                              • Instruction ID: d2b32e83353a6bddbd47ff5d67d262a2981f9f888da56f68de8d6e1deff176d7
                                                                              • Opcode Fuzzy Hash: 0662551a99972fb8d49438fe6d5820137a45defddd13b0f33dad5cf4d344d9fc
                                                                              • Instruction Fuzzy Hash: 19313E70A01208AFDF08CF94D955FEDB7B6EF48305F148158F9056B381DB749A80CB94
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000113E,00000000,0000000C), ref: 006386A0
                                                                              • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 006386FB
                                                                              • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00638732
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-3916222277
                                                                              • Opcode ID: 8aabff0a8f75fe8c5116bb9bdbdaed0182df20c48f87bec0e2fa61cefa5a4b0f
                                                                              • Instruction ID: 2b4443d5b3527850515aebf3313b9ea3373754b97a204b5bc0f6638e71cf4d79
                                                                              • Opcode Fuzzy Hash: 8aabff0a8f75fe8c5116bb9bdbdaed0182df20c48f87bec0e2fa61cefa5a4b0f
                                                                              • Instruction Fuzzy Hash: 8F31D875A01308EFDB48CF94D889BDEB7B6EB89310F208559F9159B380D7749A81CF94
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0062561D
                                                                                • Part of subcall function 0060C410: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,0062563A,00000000,?,00000400), ref: 0060C42C
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CreateFile_memset
                                                                              • String ID: %PDF$.pdf$sfA
                                                                              • API String ID: 3830271748-2037257956
                                                                              • Opcode ID: 8b26d028b3eec5e41d9d166b68807c9af37884973a2ef525d5b2fa83b61124e2
                                                                              • Instruction ID: 84ce0e0d0201667a88deaec4c2a9b5d7a7c35f16421470ba10e8b924bcd57d33
                                                                              • Opcode Fuzzy Hash: 8b26d028b3eec5e41d9d166b68807c9af37884973a2ef525d5b2fa83b61124e2
                                                                              • Instruction Fuzzy Hash: CC21F9F490062C97DF34DF11EC417F937656B04308F9085ACEB0A6B292E6749A899F5D
                                                                              APIs
                                                                              Strings
                                                                              • StackWalk64() couldn't get even the first stack frame info, xrefs: 006200F6
                                                                              • , xrefs: 006200B9
                                                                              • GetCallstack(): CanStackWalk() returned false, xrefs: 00620027
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: $GetCallstack(): CanStackWalk() returned false$StackWalk64() couldn't get even the first stack frame info
                                                                              • API String ID: 2102423945-84072386
                                                                              • Opcode ID: c527269b0e18296b82b49f384f2fd9a1decc914f65f662bdd472292135bbd482
                                                                              • Instruction ID: 713c77b567ae8dfddd0d60b78bd6253d1a86543378c566ce6876526e8ab03179
                                                                              • Opcode Fuzzy Hash: c527269b0e18296b82b49f384f2fd9a1decc914f65f662bdd472292135bbd482
                                                                              • Instruction Fuzzy Hash: BD2153709042189BDF18DF54E851BEDB7B5BF18314F1082AEE91DAB381D7B49A81CF85
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: 8$=wb8$=wb8
                                                                              • API String ID: 2102423945-704952777
                                                                              • Opcode ID: 33ca512d657041ae08f149005fe39a984d0d172e55e919d8a8de5f981a1770cf
                                                                              • Instruction ID: 02c0722d46c3c90a83a6b35ee30405a14b365725bf85fd24c3f8ba3edb56be50
                                                                              • Opcode Fuzzy Hash: 33ca512d657041ae08f149005fe39a984d0d172e55e919d8a8de5f981a1770cf
                                                                              • Instruction Fuzzy Hash: 431157B5D00209BBDB08EFA5D846E9E7F74FB48304F508559F9456B382EA35D744CB90
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _strlen_wcscpy_wcslen
                                                                              • String ID: Fo
                                                                              • API String ID: 3847904412-3723042443
                                                                              • Opcode ID: df376f382fd166afb318304c29e0fc0aecd0cdfc4441cf556233adcd3c5f7bab
                                                                              • Instruction ID: 24a927f866f56710a79de6f1b062cd680dec75243a6e1cc0f3e9b071ce012d9f
                                                                              • Opcode Fuzzy Hash: df376f382fd166afb318304c29e0fc0aecd0cdfc4441cf556233adcd3c5f7bab
                                                                              • Instruction Fuzzy Hash: 0A114DB5D00108ABCF04EF95D851A9DBB79FF48308F00C16DE80997302D635AA14CB55
                                                                              APIs
                                                                              • __CxxThrowException@8.LIBCMT ref: 004620F2
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ExceptionException@8RaiseThrow
                                                                              • String ID: 8l$: missing required parameter '$BaseN_Decoder
                                                                              • API String ID: 3976011213-709748889
                                                                              • Opcode ID: 20d3fa9147de5cfba433d538085625f76a25675b62c2498a54482641cc990170
                                                                              • Instruction ID: 9169b250c73f33ca1d4e60f54d0b2dc97f0d680da3e26edbc855a9ee6c0fcbef
                                                                              • Opcode Fuzzy Hash: 20d3fa9147de5cfba433d538085625f76a25675b62c2498a54482641cc990170
                                                                              • Instruction Fuzzy Hash: 5811737114C740AEE325EB55CC41F9B77E8AB99708F004E2DF19A936C1DB79A108C767
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0060B3A7
                                                                              • CreateProcessW.KERNEL32(00000000,08000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,00000000), ref: 0060B3D2
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0060B3EE
                                                                                • Part of subcall function 0060AEC0: GetLastError.KERNEL32 ref: 0060AED1
                                                                                • Part of subcall function 0060AEC0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,00000000,00000000,00000000), ref: 0060AEF2
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CloseCreateErrorFormatHandleLastMessageProcess_memset
                                                                              • String ID: D
                                                                              • API String ID: 1319719527-2746444292
                                                                              • Opcode ID: de05b7dc766470df062ff4b02b316e8eefc43be545beb792ccdd68735c7282d9
                                                                              • Instruction ID: 96539e6a91fbdca5ab83a45c1abcfa0a461198fa18e1dd77b0e0da09bef98f3f
                                                                              • Opcode Fuzzy Hash: de05b7dc766470df062ff4b02b316e8eefc43be545beb792ccdd68735c7282d9
                                                                              • Instruction Fuzzy Hash: 8E0121B5A40348ABEB54DFE4CC46FEE7BB9AB04704F108419F619AA2C0E7B4A5048B55
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(n5b,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0060C308
                                                                              • GetFileTime.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0060C323
                                                                              • CloseHandle.KERNEL32(000000FF), ref: 0060C32D
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: File$CloseCreateHandleTime
                                                                              • String ID: n5b
                                                                              • API String ID: 3397143404-3162897914
                                                                              • Opcode ID: c3be79d7759b6767386cf09cc4532a90fadd99f609f80ceec726986cce9e93f2
                                                                              • Instruction ID: c8bad4487f5f6340ae8d023d06cde0aea7f66b7e80c084d08237ea8b04f31240
                                                                              • Opcode Fuzzy Hash: c3be79d7759b6767386cf09cc4532a90fadd99f609f80ceec726986cce9e93f2
                                                                              • Instruction Fuzzy Hash: FDF03074A40308FBDB24DFA4DD49FADB775EB48710F108299FA14AB2C0D671AB058B94
                                                                              APIs
                                                                              • GetCursorPos.USER32(Ic), ref: 0060B2BA
                                                                                • Part of subcall function 00413BC0: GetWindowRect.USER32(?,?), ref: 00413BD9
                                                                              • _Smanip.LIBCPMTD ref: 0060B2D7
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CursorRectSmanipWindow
                                                                              • String ID: Ic$Ic
                                                                              • API String ID: 1368326375-1812672372
                                                                              • Opcode ID: c87fd7371cff4e53e688432b89fb6b1038ac76ddcdb2bb10f27358a764a3f9d5
                                                                              • Instruction ID: 876ddfa3e819764d72742e6bb2e0bbef9dfa2be873fd9a51d30d2244cc236713
                                                                              • Opcode Fuzzy Hash: c87fd7371cff4e53e688432b89fb6b1038ac76ddcdb2bb10f27358a764a3f9d5
                                                                              • Instruction Fuzzy Hash: CEE0ED76914008ABCB08EFD5D895CEFBB7DAF88300F00415AB60657191EA34AA45CBE4
                                                                              APIs
                                                                              • _wcscpy.LIBCMT ref: 0054873F
                                                                                • Part of subcall function 00548440: _strlen.LIBCMT ref: 0054845D
                                                                                • Part of subcall function 00548440: _wcslen.LIBCMT ref: 00548476
                                                                              • OemToCharA.USER32(00000000,00000000), ref: 005488CF
                                                                              • _wcscpy.LIBCMT ref: 00548961
                                                                              • _wcscpy.LIBCMT ref: 00548976
                                                                              Similarity
                                                                              • API ID: _wcscpy$Char_strlen_wcslen
                                                                              • String ID:
                                                                              • API String ID: 245325593-0
                                                                              • Opcode ID: 03645c53e081be771cde6d588f317fe970de99e2db1d45c6ea28f15fa4483dd7
                                                                              • Instruction ID: ddc63f267630e562565cb7eb45151ea656f5a3437b0dcd04849fc763f0f8e58a
                                                                              • Opcode Fuzzy Hash: 03645c53e081be771cde6d588f317fe970de99e2db1d45c6ea28f15fa4483dd7
                                                                              • Instruction Fuzzy Hash: D6B1F570800249ABCF24DF54DC45BFE7BB4BF54308F1484A9F90597281EB799A98CBA2
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Char_wcsncpy
                                                                              • String ID:
                                                                              • API String ID: 874183948-0
                                                                              • Opcode ID: 8cd0c0e063ca70fd8e33f8ecb2bf5b113ba5001f7e14090b7a37849805e25ec9
                                                                              • Instruction ID: 23588ce5748bba964768f75e3693b0fa2b6f34f8b0fc574c2672c87b607b45b2
                                                                              • Opcode Fuzzy Hash: 8cd0c0e063ca70fd8e33f8ecb2bf5b113ba5001f7e14090b7a37849805e25ec9
                                                                              • Instruction Fuzzy Hash: 4EA192B0A0410A9BDB04DF99C855BBFB7B6FF85304F24452CE505BB382D739AA05CB66
                                                                              APIs
                                                                                • Part of subcall function 0046A9E0: _memset.LIBCMT ref: 0046AA6E
                                                                                • Part of subcall function 0046A9E0: _memset.LIBCMT ref: 0046AA88
                                                                              • _memcpy_s.LIBCMT ref: 0045067D
                                                                              • _memcpy_s.LIBCMT ref: 004506B6
                                                                              • _memcpy_s.LIBCMT ref: 0045070F
                                                                              • _memcpy_s.LIBCMT ref: 00450753
                                                                              Similarity
                                                                              • API ID: _memcpy_s$_memset
                                                                              • String ID:
                                                                              • API String ID: 834817721-0
                                                                              • Opcode ID: b94ee1dc4a0b51e0454a37a465d50ff04aff50cb4fa52caa29a9aa9b801c7252
                                                                              • Instruction ID: 0a38b5d0c14fcaeb8f825e79ae1af3515652a007bbdd42938365ed9ae67bb83d
                                                                              • Opcode Fuzzy Hash: b94ee1dc4a0b51e0454a37a465d50ff04aff50cb4fa52caa29a9aa9b801c7252
                                                                              • Instruction Fuzzy Hash: 729171716143119FC314EF15C891A6FB7E8BF88718F44491EF58997282DB34ED08CB96
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: char_traits$std::ios_base::width
                                                                              • String ID:
                                                                              • API String ID: 735177774-0
                                                                              • Opcode ID: 5ab9289468a4b9295da69cfb8ede3a83f00b1031e90c59093993af64d468bdbb
                                                                              • Instruction ID: e52e9286ac8bb7e3fd8ce2fac2a381f5369b32ce21e82650f69d2c153a846f87
                                                                              • Opcode Fuzzy Hash: 5ab9289468a4b9295da69cfb8ede3a83f00b1031e90c59093993af64d468bdbb
                                                                              • Instruction Fuzzy Hash: 6D916274A00218DFCB04DF95D491AEEBBB1FF48348F50811EE9066B352DB38AE41CB99
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _strncpy$AllocatorDebugHeap_memset
                                                                              • String ID:
                                                                              • API String ID: 2452650558-0
                                                                              • Opcode ID: 2ceb884c6cfdd7d949ec0213554bf04b1110fb36bdb664fa35d4e1b706388c64
                                                                              • Instruction ID: 8d982c40217228a7772d61d258b949b74e2c2e60907829102eccadb3d1aea9f8
                                                                              • Opcode Fuzzy Hash: 2ceb884c6cfdd7d949ec0213554bf04b1110fb36bdb664fa35d4e1b706388c64
                                                                              • Instruction Fuzzy Hash: 6281D171E00119DFCF04DFD8D991AEEBBB6BF88304F148559E406AB295DB74AE04CBA4
                                                                              APIs
                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 0060280D
                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 00602877
                                                                                • Part of subcall function 0059A780: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059A838
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 006029E5
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00602A0D
                                                                                • Part of subcall function 0042AAB0: std::bad_exception::~bad_exception.LIBCMTD ref: 0042AAEC
                                                                                • Part of subcall function 0042AAB0: std::bad_exception::~bad_exception.LIBCMTD ref: 0042AAFB
                                                                              Similarity
                                                                              • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourcestd::bad_exception::bad_exceptionstd::bad_exception::~bad_exception$AllocatorDebugHeap
                                                                              • String ID:
                                                                              • API String ID: 3750965065-0
                                                                              • Opcode ID: 271bea7f9b2de907062c0a970c533cdb0d715046d14d6d6abf428a54c23f1f3c
                                                                              • Instruction ID: 731cabe2b7ea139fc0fe308d769bfd30f031cbebfee23ee393c1ec859db79c63
                                                                              • Opcode Fuzzy Hash: 271bea7f9b2de907062c0a970c533cdb0d715046d14d6d6abf428a54c23f1f3c
                                                                              • Instruction Fuzzy Hash: 32814870D04259DFDF14DBA8C955BEEBBB1AF54304F10819DE449A7282DB742E84CFA2
                                                                              APIs
                                                                              • GetSystemMetrics.USER32(00000044), ref: 0064188F
                                                                              • GetSystemMetrics.USER32(00000045), ref: 006418B2
                                                                              • GetSystemMetrics.USER32(00000044), ref: 0064192B
                                                                              • GetSystemMetrics.USER32(00000045), ref: 0064194E
                                                                              Similarity
                                                                              • API ID: MetricsSystem
                                                                              • String ID:
                                                                              • API String ID: 4116985748-0
                                                                              APIs
                                                                              • WriteFile.KERNEL32(00000000,00000000,00004000,00000000,00000000,?,?,00000000), ref: 0058D750
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileWrite
                                                                              • String ID:
                                                                              • API String ID: 3934441357-0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              APIs
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 0059FD7E
                                                                                • Part of subcall function 0059FA30: _setlocale.LIBCMT ref: 0059FA7A
                                                                                • Part of subcall function 0059FA30: _setlocale.LIBCMT ref: 0059FAB5
                                                                              • _vswprintf_s.LIBCMT ref: 0059FCF9
                                                                                • Part of subcall function 0049E6F0: __vsnprintf_l.LIBCMT ref: 0049E703
                                                                              • Concurrency::details::_NonReentrantPPLLock::_Acquire.LIBCMTD ref: 0059FD0A
                                                                              • Concurrency::details::_NonReentrantPPLLock::_Acquire.LIBCMTD ref: 0059FD1C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AcquireConcurrency::details::_Lock::_Reentrant_setlocale$AllocatorDebugHeap__vsnprintf_l_vswprintf_s
                                                                              • String ID:
                                                                              • API String ID: 837339208-0
                                                                              APIs
                                                                                • Part of subcall function 006990D0: codecvt.LIBCPMTD ref: 006990F3
                                                                              • _Smanip.LIBCPMTD ref: 006992AD
                                                                              • _Smanip.LIBCPMTD ref: 006992EC
                                                                              • SetCapture.USER32(?,006429BE,?,?,?,00000000), ref: 0069933F
                                                                              • SetTimer.USER32(?,00000002,00000014,00000000), ref: 00699352
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Smanip$CaptureTimercodecvt
                                                                              • String ID:
                                                                              • API String ID: 1114434697-0
                                                                              APIs
                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004B0DBA
                                                                              • __isleadbyte_l.LIBCMT ref: 004B0DEE
                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,?,00000000,00000000,?,?,?,?,00000002,00000000), ref: 004B0E1F
                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,?,?,?,00000002,00000000), ref: 004B0E8D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                              • String ID:
                                                                              • API String ID: 3058430110-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              APIs
                                                                              • CloseHandle.KERNEL32(?,00000000), ref: 00604A4C
                                                                              • DeleteCriticalSection.KERNEL32(-00000004,00000000), ref: 00604A62
                                                                              • DeleteCriticalSection.KERNEL32(-0000001C), ref: 00604A6F
                                                                              • DeleteCriticalSection.KERNEL32(-00000034), ref: 00604A7C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalDeleteSection$CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2895339012-0
                                                                              APIs
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005AE39B
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 005AE3E7
                                                                                • Part of subcall function 005AE140: Mailbox.LIBCMTD ref: 005AE199
                                                                                • Part of subcall function 005AE140: Mailbox.LIBCMTD ref: 005AE1B5
                                                                                • Part of subcall function 005AE140: Mailbox.LIBCMTD ref: 005AE1CE
                                                                                • Part of subcall function 005AE140: _DebugHeapAllocator.LIBCPMTD ref: 005AE1E2
                                                                                • Part of subcall function 005AE140: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AE249
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AE41C
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 005AE437
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeapMailbox
                                                                              • String ID:
                                                                              • API String ID: 83584444-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: __aulldiv
                                                                              • String ID:
                                                                              • API String ID: 3732870572-0
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000000,00000000,00000000,00000000), ref: 004122C2
                                                                              • SysAllocStringLen.OLEAUT32(00000000,000000FF), ref: 004122E6
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000000,000000FF,00000000,?), ref: 0041230B
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00412320
                                                                              Similarity
                                                                              • API ID: ByteCharMultiStringWide$AllocFree
                                                                              • String ID:
                                                                              • API String ID: 447844807-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: FocusSmanip
                                                                              • String ID:
                                                                              • API String ID: 3877227429-0
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 006387E9
                                                                              • SendMessageW.USER32(00000000,00001101,00000000,FFFF0000), ref: 00638805
                                                                              • SendMessageW.USER32(00000000,0000000B,00000001,00000000), ref: 0063881B
                                                                              • RedrawWindow.USER32(00000000,00000000,00000000,00000485,?,00640193,00000003,?,?,?,?,00000001), ref: 00638834
                                                                              Similarity
                                                                              • API ID: MessageSend$RedrawWindow
                                                                              • String ID:
                                                                              • API String ID: 648961319-0
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 0046BA02
                                                                                • Part of subcall function 0046B924: _malloc.LIBCMT ref: 0046B942
                                                                              • __CxxThrowException@8.LIBCMT ref: 0046BA38
                                                                              • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 0046BA62
                                                                              • LocalFree.KERNEL32(8007000E,8007000E), ref: 0046BA8A
                                                                              Similarity
                                                                              • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc
                                                                              • String ID:
                                                                              • API String ID: 1776251131-0
                                                                              APIs
                                                                              • __floor_pentium4.LIBCMT ref: 00422D9F
                                                                              • __floor_pentium4.LIBCMT ref: 00422DC4
                                                                                • Part of subcall function 00495D90: ___libm_error_support.LIBCMT ref: 00495E45
                                                                              • __floor_pentium4.LIBCMT ref: 00422DE4
                                                                              • __floor_pentium4.LIBCMT ref: 00422E03
                                                                                • Part of subcall function 00494530: ___libm_error_support.LIBCMT ref: 004945E5
                                                                              Similarity
                                                                              • API ID: __floor_pentium4$___libm_error_support
                                                                              • String ID:
                                                                              • API String ID: 190838090-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0060AFDF
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0060AFF6
                                                                              • MulDiv.KERNEL32(?,00000000), ref: 0060B001
                                                                              • CreateFontIndirectW.GDI32(00000000), ref: 0060B057
                                                                              Similarity
                                                                              • API ID: CapsCreateDeviceFontIndirect_memset
                                                                              • String ID:
                                                                              • API String ID: 3484123262-0
                                                                              APIs
                                                                              • FindResourceW.KERNEL32(00000000,00697396,00000005,?,?,?,00697396,00698270,00698270,00000000,00000000,1.5.3.0), ref: 00696CCF
                                                                              • LoadResource.KERNEL32(00000000,00698270,?,?,?,00697396,00698270,00698270,00000000,00000000,1.5.3.0), ref: 00696CDE
                                                                              • LockResource.KERNEL32(00697396,?,?,?,00697396,00698270,00698270,00000000,00000000,1.5.3.0), ref: 00696CEB
                                                                              • SizeofResource.KERNEL32(00000000,00698270,?,?,?,00697396,00698270,00698270,00000000,00000000,1.5.3.0), ref: 00696CFA
                                                                                • Part of subcall function 00417F40: _malloc.LIBCMT ref: 00417F48
                                                                              Similarity
                                                                              • API ID: Resource$FindLoadLockSizeof_malloc
                                                                              • String ID:
                                                                              • API String ID: 2531839315-0
                                                                              • Opcode ID: 14bcb49209c979a71fd0a63a2b3e471785c7dd7459f240c4b9a0208d148d2930
                                                                              • Instruction ID: d22aa7e1f9f71b46b30ec950652dc98fc33e482296f36e88e90bd5fdb18fc056
                                                                              • Opcode Fuzzy Hash: 14bcb49209c979a71fd0a63a2b3e471785c7dd7459f240c4b9a0208d148d2930
                                                                              • Instruction Fuzzy Hash: 36111C74E00208EFDB04DF94D845FAEB7B5FB48305F10C199E919A7384D7319A42CB60
                                                                              APIs
                                                                              • __CxxThrowException@8.LIBCMT ref: 0046BC12
                                                                              • __CxxThrowException@8.LIBCMT ref: 0046BBF6
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              • __CxxThrowException@8.LIBCMT ref: 0046BC2E
                                                                              • __EH_prolog3.LIBCMT ref: 0046BC3B
                                                                                • Part of subcall function 00480ACF: LocalAlloc.KERNEL32(00000040,8007000E,?,0046BC4A,00000164,00000004,00000050,0095E8A8,?,?,00412A26,?,?,0046B9DE,00000000,8007000E), ref: 00480AD9
                                                                              Similarity
                                                                              • API ID: Exception@8Throw$AllocExceptionH_prolog3LocalRaise
                                                                              • String ID:
                                                                              • API String ID: 793778368-0
                                                                              • Opcode ID: 30f5b004d74b1517c6861a85e140f5315e9f1cdfa4e1cadffab54524928f5402
                                                                              • Instruction ID: 51544f7ab99f347dcd5dc4d5819f3046abbf4c2efd87efe524d7bce1f286432c
                                                                              • Opcode Fuzzy Hash: 30f5b004d74b1517c6861a85e140f5315e9f1cdfa4e1cadffab54524928f5402
                                                                              • Instruction Fuzzy Hash: 10F0F9B151430CBB8F18FBD7880AD9E7AECDB84708F6044BAB218D3201EAB55F048366
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 00494D18
                                                                                • Part of subcall function 0049A071: __getptd_noexit.LIBCMT ref: 0049A074
                                                                                • Part of subcall function 0049A071: __amsg_exit.LIBCMT ref: 0049A081
                                                                              • __getptd.LIBCMT ref: 00494D2F
                                                                              • __amsg_exit.LIBCMT ref: 00494D3D
                                                                              • __lock.LIBCMT ref: 00494D4D
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 3521780317-0
                                                                              • Opcode ID: 924ac86f30708106ea686c443b09e590300ca9ff6e58922638536f25be71a8e9
                                                                              • Instruction ID: 79b7d13183e1e80d4b33ae31ce9022672ae14b1188b75e54a5488aa5c25491b7
                                                                              • Opcode Fuzzy Hash: 924ac86f30708106ea686c443b09e590300ca9ff6e58922638536f25be71a8e9
                                                                              • Instruction Fuzzy Hash: 4AF090369447008EDF20FB75C402B597AA0AF80729F01463FE410AB3E2CB3C99439B9E
                                                                              APIs
                                                                              • SetClassLongW.USER32(FFDDABCF,000000F4,?), ref: 00638122
                                                                              • HideCaret.USER32(00000000), ref: 0063812A
                                                                              • SetClassLongW.USER32(FFDDABCF,000000F4,?), ref: 00638142
                                                                              • ShowCaret.USER32(00000000), ref: 0063814A
                                                                              Similarity
                                                                              • API ID: CaretClassLong$HideShow
                                                                              • String ID:
                                                                              • API String ID: 2873878638-0
                                                                              • Opcode ID: f634d216772672ea4e55b6cc7cab1fb566ccb2284aa6380849635cbcbaff211c
                                                                              • Instruction ID: 7fe82d70ba38739cfe407303d0014940e15b885451f1b80d91990b8622d72c12
                                                                              • Opcode Fuzzy Hash: f634d216772672ea4e55b6cc7cab1fb566ccb2284aa6380849635cbcbaff211c
                                                                              • Instruction Fuzzy Hash: 80F01275104245AFEF04EF95DC8DE66776AAB44355F104244F5158B2E0CB74EC41CBA1
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CMT$t
                                                                              • API String ID: 0-2100987787
                                                                              • Opcode ID: b9919c1b5a3509fadf9edb68102a6fc6d5849006e4ffc1f162f2ae9ed2326013
                                                                              • Instruction ID: 3aa3ab6638c1992d0d5eb9779a4b9f0d197d0072525139bc9adf4eb92a66ff15
                                                                              • Opcode Fuzzy Hash: b9919c1b5a3509fadf9edb68102a6fc6d5849006e4ffc1f162f2ae9ed2326013
                                                                              • Instruction Fuzzy Hash: BE027030E0435D8BDB09DF94C899AFEBBB6BF45305F184269E849AF286D735AC41CB50
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CMT
                                                                              • API String ID: 0-2756464174
                                                                              • Opcode ID: 71cc1e34861b103707968116dbd4697aa289c772d8f4183fdfed436c24fcd65a
                                                                              • Instruction ID: c14e92806f6859ab35ee63f7802ceb54ace7633e6e493caf4306fbf0482b9995
                                                                              • Opcode Fuzzy Hash: 71cc1e34861b103707968116dbd4697aa289c772d8f4183fdfed436c24fcd65a
                                                                              • Instruction Fuzzy Hash: 4002A3B09041299ACB14EB55CC55EFEBBB1FF41304F1442EDE44A6B282DF365A81DF64
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Smanip
                                                                              • String ID: Izc$Izc
                                                                              • API String ID: 2140389272-1772413782
                                                                              • Opcode ID: dd6f1da93665fd85a06f273d797e0166471e9553565f6ccea17c9cf596a0673f
                                                                              • Instruction ID: a316e452ca2597758e6a70ba77adae971a79a03e59fac9a0d28ec7ff80b965f9
                                                                              • Opcode Fuzzy Hash: dd6f1da93665fd85a06f273d797e0166471e9553565f6ccea17c9cf596a0673f
                                                                              • Instruction Fuzzy Hash: 05913B75A10208DFCB08DF94D995EDDBBB2FF88300F108299E5496B3A1DB30A985CF94
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __floor_pentium4
                                                                              • String ID: a<a
                                                                              • API String ID: 4168288129-4279390260
                                                                              • Opcode ID: b185baf1cf854faaa374cf9e3236cfa910edf58d4f5a16a0378c47b9ecb4e196
                                                                              • Instruction ID: 1905b634f39f6533308c2401ed8394fbebecd4da053ad5931eabadebebd69802
                                                                              • Opcode Fuzzy Hash: b185baf1cf854faaa374cf9e3236cfa910edf58d4f5a16a0378c47b9ecb4e196
                                                                              • Instruction Fuzzy Hash: 3BA17774E00119DFCB14CF58C591AAEBBB2FF88304F248599D91AAB355DB31AD82CF94
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: __rar_
                                                                              • API String ID: 176396367-2561138058
                                                                              • Opcode ID: f153f099a24f77f9dc24fe16b897cb8f9baff6340db007d1b9d965802e3a61a8
                                                                              • Instruction ID: 03f5c1e7f35d0a6d35adb2bb8c569ce078614abe856e61bd3cb5bc6ed744e8b9
                                                                              • Opcode Fuzzy Hash: f153f099a24f77f9dc24fe16b897cb8f9baff6340db007d1b9d965802e3a61a8
                                                                              • Instruction Fuzzy Hash: 6161F7B6900219A7CF24DFA4ED41AFE73BEAF45300F0441A9F90996241E734EB45DBA1
                                                                              APIs
                                                                                • Part of subcall function 00419420: EnterCriticalSection.KERNEL32(?,<_a,?,0061474A,?,?,?,00615F3C), ref: 00419435
                                                                              • codecvt.LIBCPMTD ref: 00615E78
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterSectioncodecvt
                                                                              • String ID: q`a$q`a
                                                                              • API String ID: 1456154486-1593726241
                                                                              • Opcode ID: 724a6d9c26fc46c7fdef7241da2b4c6349f83101d15a1f903596637b3ff854b6
                                                                              • Instruction ID: f9d291987c4c618f0bc0feb15c7c60358f60556a8d121d962b0fdc158a6b9bfd
                                                                              • Opcode Fuzzy Hash: 724a6d9c26fc46c7fdef7241da2b4c6349f83101d15a1f903596637b3ff854b6
                                                                              • Instruction Fuzzy Hash: 9B91AA74A01618DFCB04DF98D894AEEB7B2FF88314F148169E80A9B355D771AD82CB84
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: CharUpper
                                                                              • String ID: ?$CX
                                                                              • API String ID: 9403516-887918092
                                                                              • Opcode ID: d41cb08f8bdc4fa566f86221d8750b0dda77f0c39b36fa85c2efbc7b097f4904
                                                                              • Instruction ID: cc937f57096892b9f21bea5673640f5e352031fc35e8c6ac2e0b79f6574378e5
                                                                              • Opcode Fuzzy Hash: d41cb08f8bdc4fa566f86221d8750b0dda77f0c39b36fa85c2efbc7b097f4904
                                                                              • Instruction Fuzzy Hash: 6E5107709082996BCF15CF61E5A16FE7FBB9F42305F18908AE8558A742D339CB41CB91
                                                                              APIs
                                                                              • LoadImageW.USER32(00000000,00000000,00000000,00000000,00000000,00000010), ref: 0062F7DB
                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0062F7FB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: ImageLoadObject
                                                                              • String ID: .bmp
                                                                              • API String ID: 2222342736-2863430793
                                                                              • Opcode ID: 7afd982300141d8f1c196caa3eda6749f62373af1cdbe413a2468c5e02706fbe
                                                                              • Instruction ID: 0c3559e3ffb729d91ecc0deb8a1adf90f70a8be75256ccbd1b356c7894c77917
                                                                              • Opcode Fuzzy Hash: 7afd982300141d8f1c196caa3eda6749f62373af1cdbe413a2468c5e02706fbe
                                                                              • Instruction Fuzzy Hash: 875125B0E00219ABDB14DFA4E885BEEB7B5BF48304F104129E526AB291DB786945CF54
                                                                              APIs
                                                                                • Part of subcall function 005160E1: std::_Lockit::_Lockit.LIBCPMT ref: 005160ED
                                                                              • std::exception::exception.LIBCMT ref: 0046331F
                                                                              • __CxxThrowException@8.LIBCMT ref: 00463336
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Exception@8LockitLockit::_Throwstd::_std::exception::exception
                                                                              • String ID: l"m
                                                                              • API String ID: 1717224554-708685971
                                                                              • Opcode ID: 82613dd2cce1ab0bd5463681f59d5dc160e7ff0ccc27d693145b0cf1f2a1b1c6
                                                                              • Instruction ID: b9dc90b44f6dadabc0160ae4687f553381dbcf0daf46408fd39f0f12024332c8
                                                                              • Opcode Fuzzy Hash: 82613dd2cce1ab0bd5463681f59d5dc160e7ff0ccc27d693145b0cf1f2a1b1c6
                                                                              • Instruction Fuzzy Hash: 77412773E082A01BD300EB29C845B6FBBA5AFC1305F45456FFC4657281EA39DD0887A6
                                                                              APIs
                                                                              • MonitorFromRect.USER32(00000000,?), ref: 0060B754
                                                                              • GetMonitorInfoW.USER32(00000000), ref: 0060B75B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Monitor$FromInfoRect
                                                                              • String ID: (
                                                                              • API String ID: 3340334735-3887548279
                                                                              • Opcode ID: 3bdd33ce9d039c71d5e6fd1b0004668ca83a07bf2b8ce1a4479d3345dc9b1f6e
                                                                              • Instruction ID: b224f095ae87cb0f63dabf7a4f815dc4bc0673de58297f2f68a9671f22530e5c
                                                                              • Opcode Fuzzy Hash: 3bdd33ce9d039c71d5e6fd1b0004668ca83a07bf2b8ce1a4479d3345dc9b1f6e
                                                                              • Instruction Fuzzy Hash: FA510970A0010AEFCF08DFA9D991AEEBBB6FF44304F14C559E815A7281D730AA55CB94
                                                                              APIs
                                                                              • DNameNode::DNameNode.LIBCMTD ref: 0055290C
                                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00552924
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Name$AllocatorDebugHeapNodeNode::
                                                                              • String ID: +U
                                                                              • API String ID: 1420745422-2860369888
                                                                              • Opcode ID: 0f4a1a9f2fa10c51628b0ee4c738dc5b6329a9bea042b8b4e4e54408404bd0f3
                                                                              • Instruction ID: bbd509b2630069be348b54e9446c89f1b437f7d3368ec7501a86bc2cde7b0668
                                                                              • Opcode Fuzzy Hash: 0f4a1a9f2fa10c51628b0ee4c738dc5b6329a9bea042b8b4e4e54408404bd0f3
                                                                              • Instruction Fuzzy Hash: F7515B74D0424ADBCB04CF98C4A1BBEBFB1FF59305F14819AD9416B386C7349A89DB94
                                                                              APIs
                                                                              • __locking.LIBCMT ref: 00679AAE
                                                                              • _strerror.LIBCMT ref: 00679ACF
                                                                                • Part of subcall function 006798E0: _malloc.LIBCMT ref: 006798F6
                                                                                • Part of subcall function 006798E0: _malloc.LIBCMT ref: 0067990B
                                                                              Strings
                                                                              • internal error: deflate stream corrupt, xrefs: 00679B3D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: _malloc$__locking_strerror
                                                                              • String ID: internal error: deflate stream corrupt
                                                                              • API String ID: 501765333-3609297558
                                                                              • Opcode ID: c493df454daab04fefd94e18d99373594ca5e10c861cd857acd742b674df6dd8
                                                                              • Instruction ID: 5847a021a6072f229a7a4ac57fdb55cb08c4218598628db5057cc0cca9e1bccf
                                                                              • Opcode Fuzzy Hash: c493df454daab04fefd94e18d99373594ca5e10c861cd857acd742b674df6dd8
                                                                              • Instruction Fuzzy Hash: 27411375A00208EFCB14DFA8D48599D7BB6BF44324F20C799E8299B385D735EA81CF91
                                                                              APIs
                                                                              • FindWindowExW.USER32(00000000,00000000,SUMATRA_PDF_FRAME,00000000), ref: 00623769
                                                                              • PostMessageW.USER32(00000000,00000401,00000000,00000000), ref: 00623785
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: FindMessagePostWindow
                                                                              • String ID: SUMATRA_PDF_FRAME
                                                                              • API String ID: 2578315405-1334026442
                                                                              • Opcode ID: 63b2578d3f171da9f608f09509f06e12efededb2d597855d672bece3dcd1e12e
                                                                              • Instruction ID: 6b97809bcebfb464f0941e5034b5fb3ea98f2decdd3d944eb8dbd6b4000d23c5
                                                                              • Opcode Fuzzy Hash: 63b2578d3f171da9f608f09509f06e12efededb2d597855d672bece3dcd1e12e
                                                                              • Instruction Fuzzy Hash: 1431BFB0E08669ABDB14DFA4E806BBEBB79EF41304F10415DE512673C1DB795600CFA9
                                                                              APIs
                                                                              • DNameNode::DNameNode.LIBCMTD ref: 0059706B
                                                                              • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 0059711B
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              Strings
                                                                              • .\ext\libdjvu\DjVuPort.cpp, xrefs: 005970C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: Name$Concurrency::cancellation_token_source::~cancellation_token_sourceException@8NodeNode::Throw_abort_strlen
                                                                              • String ID: .\ext\libdjvu\DjVuPort.cpp
                                                                              • API String ID: 3817357507-1353142256
                                                                              • Opcode ID: 0c69bcb325be362af8415d1a22d0865e7a31cb3d6b0831c619e2ca58463557d1
                                                                              • Instruction ID: 7a88b75bf4153e181a7aa887120d7116d482c4965865ec9df5500567c7a43581
                                                                              • Opcode Fuzzy Hash: 0c69bcb325be362af8415d1a22d0865e7a31cb3d6b0831c619e2ca58463557d1
                                                                              • Instruction Fuzzy Hash: DE311870D04209EBCF08DB95D956BEEBBB4FF48308F10415AF426B7291DB786A05CB65
                                                                              APIs
                                                                              • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00460523
                                                                              • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0046053F
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Mutex_baseMutex_base::~_std::_
                                                                              • String ID: 0
                                                                              • API String ID: 3966282785-4108050209
                                                                              • Opcode ID: 1ba6004acdf8aaa37f3eeffc71859f76cdd2cddfdb31c5569a09e984aa1facc4
                                                                              • Instruction ID: 5cd1ab2eadb242a0805addf25d4289c6ff19ff48867e9057b1d1f66c22fe533e
                                                                              • Opcode Fuzzy Hash: 1ba6004acdf8aaa37f3eeffc71859f76cdd2cddfdb31c5569a09e984aa1facc4
                                                                              • Instruction Fuzzy Hash: CF2181722083409FC714EF25C855A5FB7E9AFC9718F40092FF55697292DB38E8088B96
                                                                              APIs
                                                                              Strings
                                                                              • Authorization: Basic %s, xrefs: 00611C5B
                                                                              Similarity
                                                                              • API ID: _sprintf_strlen
                                                                              • String ID: Authorization: Basic %s
                                                                              • API String ID: 3493289842-2852888657
                                                                              • Opcode ID: 0836a399cf0cd818874d16826d3b99ddaf5d866cd9631ef881fa21d4af912b9c
                                                                              • Instruction ID: 4524fca14f267365897690e9ca092788eb7d4a858dfc6915bd3b3bc875ec073a
                                                                              • Opcode Fuzzy Hash: 0836a399cf0cd818874d16826d3b99ddaf5d866cd9631ef881fa21d4af912b9c
                                                                              • Instruction Fuzzy Hash: CE21A4B5D051189BCF28EFA1DC41AEE7779EB48304F0840FEA50D96245F638AB88CF95
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __close__open
                                                                              • String ID: {Ii
                                                                              • API String ID: 3618140344-2989519635
                                                                              • Opcode ID: d0c6fbf9d144316832fba11cf6079d6629f8df2fee54ae098808788b74fec2de
                                                                              • Instruction ID: acf7675cbc0c3738e7a6848ff59ef0a567e54c926e6622750c7b4d2b0e6b3817
                                                                              • Opcode Fuzzy Hash: d0c6fbf9d144316832fba11cf6079d6629f8df2fee54ae098808788b74fec2de
                                                                              • Instruction Fuzzy Hash: 6921A5B6E00209ABDF00DFE0DC42BAE77B5AB04709F108539F904DB281E67ADB0487A1
                                                                              APIs
                                                                              • _strncmp.LIBCMT ref: 0040BA0B
                                                                                • Part of subcall function 004919BA: type_info::_Name_base.LIBCMT ref: 004919C3
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name_base_strncmptype_info::_
                                                                              • String ID: 8l$ThisObject:
                                                                              • API String ID: 1177159373-206651582
                                                                              • Opcode ID: ba77274e8b81adbd4f626eff258c73123bdd388f66fdd10d904b75f5aba6ca04
                                                                              • Instruction ID: 83a4cc793ab28a75c94425c7ecb830db775b6b80c515d9bf0814031172fe6511
                                                                              • Opcode Fuzzy Hash: ba77274e8b81adbd4f626eff258c73123bdd388f66fdd10d904b75f5aba6ca04
                                                                              • Instruction Fuzzy Hash: 9B219974740204EBCB08EBA5C951E6FB7F5AF84708B1481ADF905AB382DB34EE00D798
                                                                              APIs
                                                                                • Part of subcall function 00497F0B: __getptd_noexit.LIBCMT ref: 00497F0B
                                                                              • _strerror.LIBCMT ref: 005C0C2B
                                                                                • Part of subcall function 0050F017: __getptd_noexit.LIBCMT ref: 0050F01E
                                                                                • Part of subcall function 00594130: _strlen.LIBCMT ref: 0059417B
                                                                                • Part of subcall function 00594280: _abort.LIBCMT ref: 0059428F
                                                                                • Part of subcall function 00594280: __CxxThrowException@8.LIBCMT ref: 005942A9
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __getptd_noexit$Exception@8Throw_abort_strerror_strlen
                                                                              • String ID: .\ext\libdjvu\ByteStream.cpp$xxY
                                                                              • API String ID: 466789114-3751081619
                                                                              • Opcode ID: 7750999529a90283d4d9af9cf4d241a738db7bbf7fc9ec01e238903a3553bf57
                                                                              • Instruction ID: 1f74cdbf18f4e1618c7c0b10964de9863411d5b7bcb74bbdf11b2f23cbda3bec
                                                                              • Opcode Fuzzy Hash: 7750999529a90283d4d9af9cf4d241a738db7bbf7fc9ec01e238903a3553bf57
                                                                              • Instruction Fuzzy Hash: 43118EB1D44249ABCB14DF98EC46FAEBB74FB48710F104629F411A73C1E7356A04CB54
                                                                              APIs
                                                                              • __CxxThrowException@8.LIBCMT ref: 00443885
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ExceptionException@8RaiseThrow
                                                                              • String ID: 8l$: missing required parameter '
                                                                              • API String ID: 3976011213-2525369857
                                                                              • Opcode ID: af14c1bc3ab70f067aefee9872ef722a08a439821c48f2e85181aaf346770bc2
                                                                              • Instruction ID: c4e4d1746ccdd71b2e4d8543816d1fd55975cb94c52f112913fae3a17819476c
                                                                              • Opcode Fuzzy Hash: af14c1bc3ab70f067aefee9872ef722a08a439821c48f2e85181aaf346770bc2
                                                                              • Instruction Fuzzy Hash: 7511467114C740AEE325DB55CC51F9B77E8AB95718F004D1DF19953281DB78A1048767
                                                                              APIs
                                                                                • Part of subcall function 005160E1: std::_Lockit::_Lockit.LIBCPMT ref: 005160ED
                                                                              • std::exception::exception.LIBCMT ref: 0044C098
                                                                              • __CxxThrowException@8.LIBCMT ref: 0044C0AF
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Exception@8LockitLockit::_Throwstd::_std::exception::exception
                                                                              • String ID: l"m
                                                                              • API String ID: 1717224554-708685971
                                                                              • Opcode ID: 4f8f96724b4c16b9bae6f47ab6e65eb882fd48f1f7d1dd150ca565ad994db0e3
                                                                              • Instruction ID: 7c5612d341e852cbab52abadc718caaca7916d5e48e727e0c654c81a21a453f1
                                                                              • Opcode Fuzzy Hash: 4f8f96724b4c16b9bae6f47ab6e65eb882fd48f1f7d1dd150ca565ad994db0e3
                                                                              • Instruction Fuzzy Hash: 8CF07DB2E0530122FA20B7656C47BEF29445BC0B14F08043AFD09902C1FB9AD68C81EB
                                                                              APIs
                                                                                • Part of subcall function 00497F0B: __getptd_noexit.LIBCMT ref: 00497F0B
                                                                              • _strerror.LIBCMT ref: 005532B3
                                                                                • Part of subcall function 0050F017: __getptd_noexit.LIBCMT ref: 0050F01E
                                                                              • task.LIBCPMTD ref: 005532E2
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __getptd_noexit$_strerrortask
                                                                              • String ID: %s (errno = %d)
                                                                              • API String ID: 513564718-1638112621
                                                                              • Opcode ID: 21177934293569e979ba44425ba9991b77e46e22ac940b0d8aca8fbc882b4ab5
                                                                              • Instruction ID: 6e887139864a4fca544dd632c22f44d3290dd5e88d31bce0cafddaf2c2b4c192
                                                                              • Opcode Fuzzy Hash: 21177934293569e979ba44425ba9991b77e46e22ac940b0d8aca8fbc882b4ab5
                                                                              • Instruction Fuzzy Hash: 47117CB1D041099BDB04EFA4D846BEEBBB8FF84304F004569F51597381EB38AA05CB91
                                                                              APIs
                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 004020DF
                                                                              • __CxxThrowException@8.LIBCMT ref: 004020ED
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              • CryptoMaterial: this object contains invalid values, xrefs: 004020C4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
                                                                              • String ID: CryptoMaterial: this object contains invalid values
                                                                              • API String ID: 1843230569-887990677
                                                                              • Opcode ID: 63f8958e44e644c8102ce6f1ccd166000d97be1560c25c0f5c043290ca9b1264
                                                                              • Instruction ID: e739f2f24257bd8856c75d742cbacf4f35d01103b19a93e888c3efac5193631a
                                                                              • Opcode Fuzzy Hash: 63f8958e44e644c8102ce6f1ccd166000d97be1560c25c0f5c043290ca9b1264
                                                                              • Instruction Fuzzy Hash: 04116571904208ABCB04DFD5DD81F9EB7B4FB48714F508269F515AB3D4DB38A908CB54
                                                                              APIs
                                                                                • Part of subcall function 0046B924: _malloc.LIBCMT ref: 0046B942
                                                                              • _AnonymousOriginator.LIBCPMTD ref: 00694AEC
                                                                                • Part of subcall function 00426250: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0042625A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: ProcessorVirtual$AnonymousConcurrency::OriginatorRootRoot::_malloc
                                                                              • String ID: PhA$PhA
                                                                              • API String ID: 1146170399-3500035191
                                                                              • Opcode ID: 9ec82117971eb480dc06e6215958e3cd8667b1ab29a8110b0e91dcd47a5ab90b
                                                                              • Instruction ID: 20acdb0262676be12b0ccaa29b82c2e7b5c1a06199ea3a94b9f719545c326508
                                                                              • Opcode Fuzzy Hash: 9ec82117971eb480dc06e6215958e3cd8667b1ab29a8110b0e91dcd47a5ab90b
                                                                              • Instruction Fuzzy Hash: 1811FAB4E00219EFCF04DF95C485BAEBBB5AB48344F104199D515A7345DB749A41DF90
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 00609270
                                                                                • Part of subcall function 00493B45: __calloc_impl.LIBCMT ref: 00493B5A
                                                                              • _sprintf.LIBCMT ref: 006092BB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: __calloc_impl_calloc_sprintf
                                                                              • String ID: %02x
                                                                              • API String ID: 3989247716-560843007
                                                                              • Opcode ID: 63c1aeae0503989ba7fdc88a5fb964c0a4a60e2526ec0ef65073b7f94134152d
                                                                              • Instruction ID: e49d094eae7fa4f72e2e335b103ce50a957c32950f88b8d7da7b7406039aa6f7
                                                                              • Opcode Fuzzy Hash: 63c1aeae0503989ba7fdc88a5fb964c0a4a60e2526ec0ef65073b7f94134152d
                                                                              • Instruction Fuzzy Hash: 9B112D70A1410CFFCF08DF94C490E9EBBB6EF44308F108499E9059B386D675AB55DB90
                                                                              APIs
                                                                              • __CxxThrowException@8.LIBCMT ref: 004066AC
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              • OutputStringPointer, xrefs: 0040666F
                                                                              • StringSink: OutputStringPointer not specified, xrefs: 00406683
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionException@8RaiseThrow
                                                                              • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                              • API String ID: 3976011213-1331214609
                                                                              • Opcode ID: a1cfdfeda56d3f86d93d1488d0ce918c0dc2b5c1900b26f2f85945bef42c00f3
                                                                              • Instruction ID: 16a7fb460bce60013935d9d3a889a85463fd09ce14e0b754eac9b4989f9776ae
                                                                              • Opcode Fuzzy Hash: a1cfdfeda56d3f86d93d1488d0ce918c0dc2b5c1900b26f2f85945bef42c00f3
                                                                              • Instruction Fuzzy Hash: AF015E71904208ABCB04EF95D852FAEB778EB44714F50463EF412AB7C1EB396A08CB58
                                                                              APIs
                                                                              • ShowWindow.USER32(?,00000005,?,?), ref: 0063845E
                                                                              • ShowWindow.USER32(0064285A,00000005), ref: 0063846D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: ShowWindow
                                                                              • String ID: Find:
                                                                              • API String ID: 1268545403-3530257222
                                                                              • Opcode ID: a9906da085764ea81caa6cbcad1f717db624f01e66ffaabe8c1455630a3fd84a
                                                                              • Instruction ID: 20ae9bbf79210d65bf3f9b63515082328ec20184b4bc5461ed195429a91a9d6c
                                                                              • Opcode Fuzzy Hash: a9906da085764ea81caa6cbcad1f717db624f01e66ffaabe8c1455630a3fd84a
                                                                              • Instruction Fuzzy Hash: DDF044B6A04308BBDB04DFA4EC45D9F37AAAB48345F004558F9098B342EA31EA418BD5
                                                                              APIs
                                                                              • type_info::operator==.LIBCMT ref: 0040678A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: type_info::operator==
                                                                              • String ID: 8l$8l
                                                                              • API String ID: 1676485859-4058121792
                                                                              • Opcode ID: 3536d8ced3b3cf1e0bd23663d9e3d594cb3b9166ddd975749118aa9716bd9a63
                                                                              • Instruction ID: 8d4903a4839b4bca100dc214814ee55365cd992af78082d51cb220d223e80fdb
                                                                              • Opcode Fuzzy Hash: 3536d8ced3b3cf1e0bd23663d9e3d594cb3b9166ddd975749118aa9716bd9a63
                                                                              • Instruction Fuzzy Hash: 85F04471654208B7DB08EF95EC51E7B77BDAB84348B04812EF9069B3D1D934DE10D758
                                                                              APIs
                                                                              • type_info::operator==.LIBCMT ref: 0040867A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: type_info::operator==
                                                                              • String ID: 8l$8l
                                                                              • API String ID: 1676485859-4058121792
                                                                              • Opcode ID: 74e7cfa2b097344035584ed998078f989dcd9f4787fc094e4d1a3a716a4621cf
                                                                              • Instruction ID: e0acd193e3cf014d930c7625cd5344e84fdca3bb43a7b65cc63e04ba910e049e
                                                                              • Opcode Fuzzy Hash: 74e7cfa2b097344035584ed998078f989dcd9f4787fc094e4d1a3a716a4621cf
                                                                              • Instruction Fuzzy Hash: BBF022B1600209ABCB04EF95DC0597B77B8AB84308B04C16EF9459B382DA35DE10CB68
                                                                              APIs
                                                                              • type_info::operator==.LIBCMT ref: 004086EA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.jbxd
                                                                              Similarity
                                                                              • API ID: type_info::operator==
                                                                              • String ID: 8l$8l
                                                                              • API String ID: 1676485859-4058121792
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memcmp
                                                                              • String ID: PMGIarea$Z`
                                                                              • API String ID: 2931989736-60663598
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 0055ABAE
                                                                                • Part of subcall function 0048FE54: __FF_MSGBANNER.LIBCMT ref: 0048FE77
                                                                                • Part of subcall function 0048FE54: __NMSG_WRITE.LIBCMT ref: 0048FE7E
                                                                                • Part of subcall function 0048FE54: RtlAllocateHeap.NTDLL(00000000,00497F01,00000001,00000000,00000000,?,004A0E12,00497F10,00000001,00497F10,?,0049A842,00000018,009616B8,0000000C,0049A8D3), ref: 0048FECB
                                                                              • _sprintf.LIBCMT ref: 0055ABD0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AllocateHeap_malloc_sprintf
                                                                              • String ID: <fd:%d>
                                                                              • API String ID: 1106113145-558891604
                                                                              APIs
                                                                              • type_info::operator!=.LIBCMT ref: 004100F5
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: type_info::operator!=
                                                                              • String ID: 8l$8l
                                                                              • API String ID: 2241493438-4058121792
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: codecvt
                                                                              • String ID: |A$|A
                                                                              • API String ID: 3662085145-3008848628
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 0066572D
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: $s_f
                                                                              • API String ID: 3850602802-3891704719
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00636738
                                                                              • SendMessageW.USER32(?,00000433,00000000,00000030), ref: 00636765
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend_memset
                                                                              • String ID: 0
                                                                              • API String ID: 1827994538-4108050209
                                                                              APIs
                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 0040CDA0
                                                                                • Part of subcall function 00401390: std::runtime_error::runtime_error.LIBCPMTD ref: 0040139E
                                                                              • __CxxThrowException@8.LIBCMT ref: 0040CDAE
                                                                                • Part of subcall function 00497E3E: RaiseException.KERNEL32(8007000E,0095E770,8007000E,?,8007000E,0095E770,00000004,004136BC,8007000E), ref: 00497E80
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                                              • String ID: vector<T> too long
                                                                              • API String ID: 212174158-3788999226
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ExecuteShell_memset
                                                                              • String ID: <
                                                                              • API String ID: 2124839036-4251816714
                                                                              APIs
                                                                              • GetDriveTypeA.KERNEL32(00000105,?,004B6F05,00000105,?,00000007,00000007,?,004B704A,00000000,7F608707,006BA9ED,00961D08,0000000C,00553444,?), ref: 004B6EDB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DriveType
                                                                              • String ID: :$\
                                                                              • API String ID: 338552980-1166558509
                                                                              • Opcode ID: f1891db37bb80f9442275a122f25858d655f3f015a89c5d0db44aeec4c313814
                                                                              • Instruction ID: 220ac9f4bb2dd6dc9958b5446f296dd10340ef5b98e7d1ad68491bfa057b6327
                                                                              • Opcode Fuzzy Hash: f1891db37bb80f9442275a122f25858d655f3f015a89c5d0db44aeec4c313814
                                                                              • Instruction Fuzzy Hash: 31E048352082C89DEF51CA79D444BDB3FCC9B51799F04C056F84CCE241D679D6468375
                                                                              APIs
                                                                              • _fprintf.LIBCMT ref: 005FA129
                                                                              • _abort.LIBCMT ref: 005FA131
                                                                                • Part of subcall function 00493699: __NMSG_WRITE.LIBCMT ref: 004936BA
                                                                                • Part of subcall function 00493699: _raise.LIBCMT ref: 004936CB
                                                                                • Part of subcall function 00493699: _memset.LIBCMT ref: 00493763
                                                                                • Part of subcall function 00493699: SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00493795
                                                                                • Part of subcall function 00493699: UnhandledExceptionFilter.KERNEL32(0061FBFD), ref: 004937A2
                                                                              Strings
                                                                              • Assertion failed: %s:%d, xrefs: 005FA11B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$_abort_fprintf_memset_raise
                                                                              • String ID: Assertion failed: %s:%d
                                                                              • API String ID: 1580787292-3945668520
                                                                              • Opcode ID: a1b2b170b0a6978a55c102a0fe7889748dcb67c7cac507c0d2f97f257224b8c0
                                                                              • Instruction ID: 1744c122db4c973088e85baa03d6e4a7d0e556945d03520830ed38ea359dde13
                                                                              • Opcode Fuzzy Hash: a1b2b170b0a6978a55c102a0fe7889748dcb67c7cac507c0d2f97f257224b8c0
                                                                              • Instruction Fuzzy Hash: BBC012E7A103093BAF00FBD9EC67D6D378DAA84658B044419B51D8A342E969F910427A
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(009E4A48,?,?,?,?,00480B89,00000010,00000008,0047370E,004736B1,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00482668
                                                                              • InitializeCriticalSection.KERNEL32(-005D1CFE,?,?,?,?,00480B89,00000010,00000008,0047370E,004736B1,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 0048267A
                                                                              • LeaveCriticalSection.KERNEL32(009E4A48,?,?,?,?,00480B89,00000010,00000008,0047370E,004736B1,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00482687
                                                                              • EnterCriticalSection.KERNEL32(-005D1CFE,?,?,?,?,00480B89,00000010,00000008,0047370E,004736B1,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2), ref: 00482697
                                                                                • Part of subcall function 0046BC18: __CxxThrowException@8.LIBCMT ref: 0046BC2E
                                                                                • Part of subcall function 0046BC18: __EH_prolog3.LIBCMT ref: 0046BC3B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                                                              • String ID:
                                                                              • API String ID: 2895727460-0
                                                                              • Opcode ID: f268b8665f0d6c41e88913228780729ad4362df9cfae03edc3bf15bf3e6d8ab4
                                                                              • Instruction ID: 3df3b9b230afd7852e470de768aee89a1a132e601e8da7b45462095b3b1e8457
                                                                              • Opcode Fuzzy Hash: f268b8665f0d6c41e88913228780729ad4362df9cfae03edc3bf15bf3e6d8ab4
                                                                              • Instruction Fuzzy Hash: DEF0C8325002459FDB102B55ED49E1D769AEBE1325F12543BE04057111EB749D829BF9
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(009E488C,?,?,?,?,004810DE,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18), ref: 00480B10
                                                                              • TlsGetValue.KERNEL32(009E4870,?,?,?,?,004810DE,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18), ref: 00480B24
                                                                              • LeaveCriticalSection.KERNEL32(009E488C,?,?,?,?,004810DE,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18), ref: 00480B3A
                                                                              • LeaveCriticalSection.KERNEL32(009E488C,?,?,?,?,004810DE,?,00000004,004736EF,0046BC34,004746E8,0040DD6C,00412BB2,?,00412BB2,00412C18), ref: 00480B45
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3029491346.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$EnterValue
                                                                              • String ID:
                                                                              • API String ID: 3969253408-0
                                                                              • Opcode ID: db84e0948824d396f4bcafad5485e70d987ee25d3e98915588bcd684b963d6c1
                                                                              • Instruction ID: 623c55043d4a614ab317fee5c386d879cfda8c8428da503d27d3d6f711cc9256
                                                                              • Opcode Fuzzy Hash: db84e0948824d396f4bcafad5485e70d987ee25d3e98915588bcd684b963d6c1
                                                                              • Instruction Fuzzy Hash: 13F054772106049FC7209F99DC48C6BB7EAEA843793159866E50993211D734F915CBB4