Windows Analysis Report
DataIndustrial.exe

Overview

General Information

Sample name:DataIndustrial.exe
Analysis ID:1539399
MD5:152843eaad328f6a699815f061586c98
SHA1:d3e216b2edc83036e5846d15d15ecfb7f80d255b
SHA256:34c92fe58fc12ef4ddb24159e745c05e48c3f27e4953a3ba4a87651516bd7d7b
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Checks for kernel debuggers (COM1)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • DataIndustrial.exe (PID: 6864 cmdline: "C:\Users\user\Desktop\DataIndustrial.exe" MD5: 152843EAAD328F6A699815F061586C98)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submited SampleIntegrated Neural Analysis Model: Matched 93.4% probability
Source: DataIndustrial.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: c:\Projects\wPC_DIC_COMBO\Release\DataIndustrial.pdb source: DataIndustrial.exe
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004513CB __EH_prolog3_GS,GetFullPathNameA,_DebugHeapAllocator,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,_DebugHeapAllocator,0_2_004513CB
Source: unknownDNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: DataIndustrial.exeString found in binary or memory: http://google.com/
Source: DataIndustrial.exeString found in binary or memory: http://google.com/(
Source: DataIndustrial.exeString found in binary or memory: http://www.badgermeter.com/Industrial.aspx
Source: DataIndustrial.exeString found in binary or memory: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspx
Source: DataIndustrial.exeString found in binary or memory: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspxopenManuals
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00460D51 __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent,0_2_00460D51
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00444DBB GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,0_2_00444DBB
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0045D074 ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,0_2_0045D074
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004467E30_2_004467E3
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0046E0BE0_2_0046E0BE
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004662960_2_00466296
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004746400_2_00474640
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004666A20_2_004666A2
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0046E9D30_2_0046E9D3
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00466AC20_2_00466AC2
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00474B840_2_00474B84
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0042AF600_2_0042AF60
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004750C80_2_004750C8
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0047595E0_2_0047595E
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004659ED0_2_004659ED
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0046FD8E0_2_0046FD8E
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00465EC20_2_00465EC2
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 00413FC0 appears 50 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 0046791C appears 51 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 0044C6AB appears 46 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 004493A1 appears 33 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 0046775A appears 150 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 0046778D appears 42 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 0042C800 appears 82 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 004041E0 appears 148 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 0044C65F appears 41 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 00403170 appears 183 times
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: String function: 004436FD appears 75 times
Source: DataIndustrial.exeBinary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000000.1709328170.000000000047E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000000.1709328170.000000000047E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000002.2947549346.000000000081D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameD3D10Warp.dl vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe
Source: DataIndustrial.exeBinary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exeBinary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe
Source: C:\Users\user\Desktop\DataIndustrial.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: DataIndustrial.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal48.evad.winEXE@1/4@1/0
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0041F780 GetLastError,_memset,FormatMessageA,_strcat,0_2_0041F780
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00414160 FindResourceA,0_2_00414160
Source: C:\Users\user\Desktop\DataIndustrial.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\128[1]Jump to behavior
Source: DataIndustrial.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\DataIndustrial.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeFile read: C:\Users\user\Desktop\DataIndustrial.exe:Zone.IdentifierJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: oledlg.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: DataIndustrial.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: c:\Projects\wPC_DIC_COMBO\Release\DataIndustrial.pdb source: DataIndustrial.exe
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00426D00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,RegQueryValueExA,_strlen,RegCloseKey,FreeLibrary,0_2_00426D00
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00467832 push ecx; ret 0_2_00467845
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00467961 push ecx; ret 0_2_00467974
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00442063 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,0_2_00442063
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00426800 IsIconic,0_2_00426800
Source: C:\Users\user\Desktop\DataIndustrial.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeMemory allocated: 4580000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-55824
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004513CB __EH_prolog3_GS,GetFullPathNameA,_DebugHeapAllocator,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,_DebugHeapAllocator,0_2_004513CB
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00467C67 VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,0_2_00467C67
Source: C:\Users\user\Desktop\DataIndustrial.exeAPI call chain: ExitProcess graph end nodegraph_0-55397

Anti Debugging

Source: C:\Users\user\Desktop\DataIndustrial.exeFile opened: COM1Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0046722D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0046722D
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00467C67 VirtualProtect ?,-00000001,00000104,?0_2_00467C67
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00426D00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,RegQueryValueExA,_strlen,RegCloseKey,FreeLibrary,0_2_00426D00
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004725D3 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004725D3
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_0046722D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0046722D
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004637E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004637E0
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00471A57 SetUnhandledExceptionFilter,0_2_00471A57
Source: C:\Users\user\Desktop\DataIndustrial.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,0_2_0044D8B2
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: GetLocaleInfoA,0_2_004752AA
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_004723B2 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004723B2
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00470B17 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,0_2_00470B17
Source: C:\Users\user\Desktop\DataIndustrial.exeCode function: 0_2_00426AC0 GetVersionExA,QueryDosDeviceA,_strlen,SetLastError,0_2_00426AC0
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Native API
1
DLL Side-Loading
1
DLL Side-Loading
1
Masquerading
1
Input Capture
2
System Time Discovery
Remote Services1
Email Collection
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion
LSASS Memory11
Security Software Discovery
Remote Desktop Protocol1
Input Capture
1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
Disable or Modify Tools
Security Account Manager1
Virtualization/Sandbox Evasion
SMB/Windows Admin Shares1
Archive Collected Data
1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information
NTDS1
Application Window Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
Obfuscated Files or Information
LSA Secrets1
File and Directory Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading
Cached Domain Credentials24
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
SourceDetectionScannerLabelLink
DataIndustrial.exe0%ReversingLabs
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
15.164.165.52.in-addr.arpa
unknown
unknownfalse
    unknown
    NameSourceMaliciousAntivirus DetectionReputation
    http://google.com/DataIndustrial.exefalse
      unknown
      http://google.com/(DataIndustrial.exefalse
        unknown
        http://www.badgermeter.com/Industrial.aspxDataIndustrial.exefalse
          unknown
          http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspxopenManualsDataIndustrial.exefalse
            unknown
            http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspxDataIndustrial.exefalse
              unknown
              No contacted IP infos
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1539399
              Start date and time:2024-10-22 16:15:52 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 37s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:6
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:DataIndustrial.exe
              Detection:MAL
              Classification:mal48.evad.winEXE@1/4@1/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 70
              • Number of non-executed functions: 233
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: DataIndustrial.exe
              TimeTypeDescription
              10:16:47API Interceptor1x Sleep call for process: DataIndustrial.exe modified
              No context
              Process:C:\Users\user\Desktop\DataIndustrial.exe
              File Type:data
              Category:dropped
              Size (bytes):49120
              Entropy (8bit):0.0017331682157558962
              Encrypted:false
              SSDEEP:3:Ztt:T
              MD5:0392ADA071EB68355BED625D8F9695F3
              SHA1:777253141235B6C6AC92E17E297A1482E82252CC
              SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
              SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
              Malicious:false
              Reputation:high, very likely benign file
              Process:C:\Users\user\Desktop\DataIndustrial.exe
              File Type:HTML document, ISO-8859 text, with CRLF line terminators
              Category:dropped
              Size (bytes):2697
              Entropy (8bit):5.113966054727882
              Encrypted:false
              SSDEEP:48:QPD1RRvEvyAlMK/YhVDp4lGulM8MMdERXqGRflqMod5RPopaivQk:QJ8v/MKQhV96GsM81dUXezivQk
              MD5:54935251D21C89684C27AF8791A38BFB
              SHA1:807DDB107E5D9E2B41579ECCB0BE4943E391C1C4
              SHA-256:70DA0A8591E5FAA0AFC2695092A312697A5238683BA547CC3A0ACFD116CB9633
              SHA-512:24FF6D7A4F4EFBC296F4C4A4D0D10E4C5787197A47FFFEB8657D78C20021094C1A4770AE9A4B86306AB88CED75B0FBA8FB59B54C4FFD2D04CE1321F7EBCE0A62
              Malicious:false
              Reputation:low
              Preview:<html>...<head>....<link rel="stylesheet" href="res://DataIndustrial.exe/style.css">....<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">.... <meta http-equiv="Page-Enter" content="blendTrans(Duration=0.5)" > -->...</head>...<body style="background-color: #99ccff">....<table align="center" height="5%" width="100%" ID="Table1">.....<tr>......<td align="left" width="50%">............<img src="res://DataIndustrial.exe/badger_logo.gif" style="background-color: #99ccff">...........</td>.. .. <td align="center" width="5%" id="verlbtext" style="text-align: center; color: #0078C0; font-weight: bolder; font-style: italic"><b style="color: blue;">---</b></td>...... Firmware Ver ID Must always be used for this field -->......<td align="center" width="5%" id="vertext" style="color: #0078C0;font-weight: bolder; font-style: italic">---</td>......<td align="center">.......<h2>Model: 310</h2>......</td>.....</tr>....</table>....<br><br>....<table class="data" align="cen
              Process:C:\Users\user\Desktop\DataIndustrial.exe
              File Type:GIF image data, version 89a, 108 x 109
              Category:dropped
              Size (bytes):2958
              Entropy (8bit):7.57557280099545
              Encrypted:false
              SSDEEP:48:fqEaTvNp1UdcP8jugDJ1SR7pPrqBGKFwwiYJYUEGJRTHXGzO3brRCP81q7U6Aoq6:fPaTVQdcITJ1SjxXNctD3/m81q70oq6
              MD5:30967AF721B7BD965C6D20E47C5DC820
              SHA1:431FA3B63C54BC7C96F7D82E33D8ABFE9010F64E
              SHA-256:A262CACEDFB25B52DFCE23AE9E9C0624977B8FF3934C7A99CE5BF2CCE24BFCC5
              SHA-512:DF99A50352F92533680B3F4203F30B83F6CEACC5021F5339737C62EEBC1ADB3B697C44D80C450CA18D442B52343458B251A0C0BF7807ED06D7818EA98A06C99C
              Malicious:false
              Reputation:low
              Process:C:\Users\user\Desktop\DataIndustrial.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):514
              Entropy (8bit):5.043001679678584
              Encrypted:false
              SSDEEP:12:ovaXfbp3j+zc/Xmsa8Fz7ZZg1kXTpcMBSndEzF:Zlj/2shOkDjBgS5
              MD5:F480FD73D5D56EF2D600A6C8C6599C43
              SHA1:11E2ECDB1A03B14E6CEA22F1F3CB1F74598FC3E4
              SHA-256:389240DF6C6C2C07610F9EB41087738E9D1C5737663C16DFB6EB1CDD336D8415
              SHA-512:8BEF25F7A924F8423C6F220394A3F3E0244D82B883E4240E25EB8FFF62D4E059CE2A8C36EDCF144CC112469804BE7455F020C9330F5DCE977B742F3A64CD9633
              Malicious:false
              Reputation:low
              Preview:body{...margin: 0 0 0 0;...border: dotted 10px black;...background-color: Transparent;..}....table.data{.../* Remove font-size & line-height */.../* font-size: small; */.../* line-height: 15px; */...border-style: inset;...width: 90%;..}....h2{.../*Badger Blue*/...color: #0078C0;...font-size: x-large;...font-weight: bolder;...font-style: italic;...text-align: center;..}....table.tagline{.../* remove font-size */...font-size: x-small;...width: 100%;...color: Red;..}....input.button, button{...width: 100px;..}..
              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):6.080851968620249
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:DataIndustrial.exe
              File size:824'832 bytes
              MD5:152843eaad328f6a699815f061586c98
              SHA1:d3e216b2edc83036e5846d15d15ecfb7f80d255b
              SHA256:34c92fe58fc12ef4ddb24159e745c05e48c3f27e4953a3ba4a87651516bd7d7b
              SHA512:085640598c062f28c405232265e9207b836dcfc4dd7c96f38fd101a843924652e9c577d6e46c629978881358c9e57652e104d36b1598b7425f5f6de086188d25
              SSDEEP:12288:+A/cG1R2LUTD6XU5Ua/CcdubpxERMFqBczR+NzgrieL:+ZG1R2AD6rAVubpxERM4Q8zC
              TLSH:6C054A217A81C93AD0B32471CA7E86AE51A9FD30076449C7B3C43A7F0EF55E2AD36716
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oxt.+..E+..E+..E..wE%..E..aE0..E+..E...E"a.E4..E"a.E...E5K.E(..E"a.E...E5K.E*..E"a.E*..ERich+..E................PE..L....e`K...
              Icon Hash:822629d66d5acc2d
              Entrypoint:0x467637
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:TERMINAL_SERVER_AWARE
              Time Stamp:0x4B606508 [Wed Jan 27 16:08:40 2010 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:5
              OS Version Minor:0
              File Version Major:5
              File Version Minor:0
              Subsystem Version Major:5
              Subsystem Version Minor:0
              Import Hash:0f78ae6e4671d03bf1f33dc0727299f7
              Instruction
              call 00007F7F887FFCFBh
              jmp 00007F7F887F4DFDh
              push 0000000Ch
              push 00498D88h
              call 00007F7F887F5254h
              and dword ptr [ebp-1Ch], 00000000h
              mov esi, dword ptr [ebp+08h]
              cmp esi, dword ptr [004A2D4Ch]
              jnbe 00007F7F887F4FA4h
              push 00000004h
              call 00007F7F887FD17Fh
              pop ecx
              and dword ptr [ebp-04h], 00000000h
              push esi
              call 00007F7F887FD986h
              pop ecx
              mov dword ptr [ebp-1Ch], eax
              mov dword ptr [ebp-04h], FFFFFFFEh
              call 00007F7F887F4F8Eh
              mov eax, dword ptr [ebp-1Ch]
              call 00007F7F887F5260h
              ret
              push 00000004h
              call 00007F7F887FD07Ah
              pop ecx
              ret
              mov edi, edi
              push ebp
              mov ebp, esp
              push esi
              mov esi, dword ptr [ebp+08h]
              cmp esi, FFFFFFE0h
              ja 00007F7F887F5027h
              push ebx
              push edi
              mov edi, dword ptr [0047E128h]
              cmp dword ptr [004A14F4h], 00000000h
              jne 00007F7F887F4F9Ah
              call 00007F7F887FF4DDh
              push 0000001Eh
              call 00007F7F887FF32Bh
              push 000000FFh
              call 00007F7F887F5D6Bh
              pop ecx
              pop ecx
              mov eax, dword ptr [004A2D5Ch]
              cmp eax, 01h
              jne 00007F7F887F4F90h
              test esi, esi
              je 00007F7F887F4F86h
              mov eax, esi
              jmp 00007F7F887F4F85h
              xor eax, eax
              inc eax
              push eax
              jmp 00007F7F887F4F9Eh
              cmp eax, 03h
              jne 00007F7F887F4F8Dh
              push esi
              call 00007F7F887F4ED8h
              pop ecx
              test eax, eax
              jne 00007F7F887F4F98h
              test esi, esi
              jne 00007F7F887F4F83h
              inc esi
              add esi, 0Fh
              and esi, FFFFFFF0h
              Programming Language:
              • [ C ] VS2005 build 50727
              • [IMP] VS2005 build 50727
              • [ASM] VS2008 SP1 build 30729
              • [ C ] VS2008 SP1 build 30729
              • [C++] VS2008 build 21022
              • [C++] VS2008 SP1 build 30729
              • [RES] VS2008 build 21022
              • [LNK] VS2008 SP1 build 30729
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x993ec | 0x118 | .rdata
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa3000 | 0x2c7dc | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7e700 | 0x1c | .rdata
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x8f030 | 0x40 | .rdata
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x7e000 | 0x650 | .rdata
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x99364 | 0x40 | .rdata
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x1000 | 0x7c04e | 0x7c200 | 646a8587c603b438fccc5ecd6f389f6d | False | 0.4700127454682779 | data | 6.400708969249751 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rdata | 0x7e000 | 0x1d51c | 0x1d600 | af22a3829158737bdbcd7f019004a27d | False | 0.2912234042553192 | data | 5.219647143953636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .data | 0x9c000 | 0x6d84 | 0x3200 | a968034e43462fe599bc9b6d5f81077d | False | 0.29296875 | data | 4.440810499507069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc | 0xa3000 | 0x2c7dc | 0x2c800 | 3239b331947fa8c7072dda7528c6d154 | False | 0.15952532478932585 | data | 4.168486857178296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_CURSOR | 0xa4564 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805
              RT_CURSOR | 0xa4698 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7
              RT_CURSOR | 0xa474c | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365
              RT_CURSOR | 0xa4880 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715
              RT_CURSOR | 0xa49b4 | 0x134 | data | English | United States | 0.37337662337662336
              RT_CURSOR | 0xa4ae8 | 0x134 | data | English | United States | 0.37662337662337664
              RT_CURSOR | 0xa4c1c | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
              RT_CURSOR | 0xa4d50 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664
              RT_CURSOR | 0xa4e84 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
              RT_CURSOR | 0xa4fb8 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
              RT_CURSOR | 0xa50ec | 0x134 | data | English | United States | 0.44155844155844154
              RT_CURSOR | 0xa5220 | 0x134 | data | English | United States | 0.4155844155844156
              RT_CURSOR | 0xa5354 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922
              RT_CURSOR | 0xa5488 | 0x134 | data | English | United States | 0.2662337662337662
              RT_CURSOR | 0xa55bc | 0x134 | data | English | United States | 0.2824675324675325
              RT_CURSOR | 0xa56f0 | 0x134 | data | English | United States | 0.3246753246753247
              RT_BITMAP | 0xa5824 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09908536585365854
              RT_BITMAP | 0xa5ab4 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09298780487804878
              RT_BITMAP | 0xa5d44 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09298780487804878
              RT_BITMAP | 0xa5fd4 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09451219512195122
              RT_BITMAP | 0xa6264 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09603658536585366
              RT_BITMAP | 0xa64f4 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.0975609756097561
              RT_BITMAP | 0xa6784 | 0x106d0 | Device independent bitmap graphic, 273 x 82 x 24, image size 67240 | English | United States | 0.07379607609988109
              RT_BITMAP | 0xb6e54 | 0x4e88 | Device independent bitmap graphic, 200 x 200 x 4, image size 20000, 16 important colors | English | United States | 0.052327894946279346
              RT_BITMAP | 0xbbcdc | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152, 16 important colors | English | United States | 0.05015923566878981
              RT_BITMAP | 0xbc1c4 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
              RT_BITMAP | 0xbc27c | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
              RT_ICON | 0xbc3c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.3456678700361011
              RT_MENU | 0xbcc68 | 0x18e | Matlab v4 mat-file (little endian) E, numeric, rows 5046288, columns 6881377, imaginary | English | United States | 0.5703517587939698
              RT_DIALOG | 0xbcdf8 | 0x16c | data | English | United States | 0.5082417582417582
              RT_DIALOG | 0xbcf64 | 0x76 | data | English | United States | 0.7627118644067796
              RT_DIALOG | 0xbcfdc | 0x110 | data | English | United States | 0.5882352941176471
              RT_DIALOG | 0xbd0ec | 0x4e4 | data | English | United States | 0.43210862619808305
              RT_DIALOG | 0xbd5d0 | 0xd4 | data | English | United States | 0.6792452830188679
              RT_DIALOG | 0xbd6a4 | 0x948 | data | English | United States | 0.30597643097643096
              RT_DIALOG | 0xbdfec | 0x1b6 | data | English | United States | 0.5319634703196348
              RT_DIALOG | 0xbe1a4 | 0x9c4 | data | English | United States | 0.2564
              RT_DIALOG | 0xbeb68 | 0x5b6 | data | English | United States | 0.41450068399452805
              RT_DIALOG | 0xbf120 | 0x8ca | data | English | United States | 0.3648888888888889
              RT_DIALOG | 0xbf9ec | 0x1d2 | data | English | United States | 0.5386266094420601
              RT_DIALOG | 0xbfbc0 | 0x62 | data | English | United States | 0.8163265306122449
              RT_DIALOG | 0xbfc24 | 0x4f8 | data | English | United States | 0.419811320754717
              RT_DIALOG | 0xc011c | 0x732 | data | English | United States | 0.3751357220412595
              RT_DIALOG | 0xc0850 | 0x4b0 | data | English | United States | 0.42083333333333334
              RT_DIALOG | 0xc0d00 | 0x2ec | data | English | United States | 0.47459893048128343
              RT_DIALOG | 0xc0fec | 0x318 | data | English | United States | 0.3939393939393939
              RT_DIALOG | 0xc1304 | 0x214 | data | English | United States | 0.556390977443609
              RT_DIALOG | 0xc1518 | 0x46e | data | English | United States | 0.36155202821869487
              RT_DIALOG | 0xc1988 | 0x238 | data | English | United States | 0.5475352112676056
              RT_DIALOG | 0xc1bc0 | 0x600 | data | English | United States | 0.4186197916666667
              RT_DIALOG | 0xc21c0 | 0xbd8 | data | English | United States | 0.35686015831134565
              RT_DIALOG | 0xc2d98 | 0xbb4 | data | English | United States | 0.3818424566088118
              RT_DIALOG | 0xc394c | 0xbc | data | English | United States | 0.6595744680851063
              RT_DIALOG | 0xc3a08 | 0xcc | data | English | United States | 0.6764705882352942
              RT_DIALOG | 0xc3ad4 | 0x4c | data | English | United States | 0.8157894736842105
              RT_DIALOG | 0xc3b20 | 0xe90 | data | English | United States | 0.3444206008583691
              RT_DIALOG | 0xc49b0 | 0xe8 | data | English | United States | 0.6336206896551724
              RT_DIALOG | 0xc4a98 | 0x34 | data | English | United States | 0.9038461538461539
              RT_STRING | 0xc4acc | 0x52 | data | English | United States | 0.6707317073170732
              RT_STRING | 0xc4b20 | 0x36 | Matlab v4 mat-file (little endian) d, numeric, rows 0, columns 0 | English | United States | 0.6666666666666666
              RT_STRING | 0xc4b58 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154
              RT_STRING | 0xc4bdc | 0x2a | data | English | United States | 0.5476190476190477
              RT_STRING | 0xc4c08 | 0x184 | data | English | United States | 0.48711340206185566
              RT_STRING | 0xc4d8c | 0x4e6 | data | English | United States | 0.37719298245614036
              RT_STRING | 0xc5274 | 0x264 | data | English | United States | 0.3333333333333333
              RT_STRING | 0xc54d8 | 0x2da | data | English | United States | 0.3698630136986301
              RT_STRING | 0xc57b4 | 0x8a | data | English | United States | 0.6594202898550725
              RT_STRING | 0xc5840 | 0xac | data | English | United States | 0.45348837209302323
              RT_STRING | 0xc58ec | 0xde | data | English | United States | 0.536036036036036
              RT_STRING | 0xc59cc | 0x4a8 | data | English | United States | 0.3221476510067114
              RT_STRING | 0xc5e74 | 0x228 | data | English | United States | 0.4003623188405797
              RT_STRING | 0xc609c | 0x2c | data | English | United States | 0.5227272727272727
              RT_STRING | 0xc60c8 | 0x42 | data | English | United States | 0.6060606060606061
              RT_GROUP_CURSOR | 0xc610c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0
              RT_GROUP_CURSOR | 0xc6130 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc6144 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc6158 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc616c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc6180 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc6194 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc61a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc61bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc61d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc61e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc61f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc620c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc6220 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_CURSOR | 0xc6234 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
              RT_GROUP_ICON | 0xc6248 | 0x14 | data | English | United States | 1.15
              RT_VERSION | 0xc625c | 0x320 | data | English | United States | 0.46375
              RT_HTML | 0xc657c | 0xb8e | GIF image data, version 89a, 108 x 109 | English | United States | 0.980054090601758
              RT_HTML | 0xc710c | 0x29e | PC bitmap, Windows 3.x format, 14 x 14 x 24, image size 616, cbSize 670, bits offset 54 | English | United States | 0.10597014925373134
              RT_HTML | 0xc73ac | 0xb99 | GIF image data, version 89a, 190 x 14 | English | United States | 0.9818120579319636
              RT_HTML | 0xc7f48 | 0x202 | ASCII text, with CRLF line terminators | English | United States | 0.5544747081712063
              RT_HTML | 0xc814c | 0x1bf9 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.25401480240189916
              RT_HTML | 0xc9d48 | 0x40d | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.5168756027000965
              RT_HTML | 0xca158 | 0x16d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.6136986301369863
              RT_HTML | 0xca2c8 | 0x1cf | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.5680345572354212
              RT_HTML | 0xca498 | 0xa89 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.371523915461624
              RT_HTML | 0xcaf24 | 0x90f | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.37257438551099614
              RT_HTML | 0xcb834 | 0xa96 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.34501845018450183
              RT_HTML | 0xcc2cc | 0xa8c | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.37222222222222223
              RT_HTML | 0xccd58 | 0xb81 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.32869269949066215
              RT_HTML | 0xcd8dc | 0xe11 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.2915856706470425
              RT_HTML | 0xce6f0 | 0xf8e | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.31115017579105975
              RT_MANIFEST | 0xcf680 | 0x15a | ASCII text, with CRLF line terminators | English | United States | 0.5491329479768786
              DLL | Import
              KERNEL32.dll | GetFileAttributesA, GetFileSizeEx, GetFileTime, GetTickCount, RtlUnwind, HeapFree, ExitThread, CreateThread, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetStartupInfoA, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, ExitProcess, HeapSize, GetACP, IsValidCodePage, HeapCreate, VirtualFree, GetStringTypeW, GetTimeZoneInformation, LCMapStringA, LCMapStringW, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, SetErrorMode, GetModuleHandleW, GetOEMCP, GetCPInfo, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetThreadLocale, WritePrivateProfileStringA, GetCurrentProcessId, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, InterlockedExchange, lstrcmpA, RaiseException, InterlockedDecrement, GetModuleFileNameW, LocalFree, lstrlenA, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, CompareStringA, lstrcmpW, GetModuleHandleA, ReadFile, WriteFile, SetCommTimeouts, GetCommState, BuildCommDCBA, SetCommState, PurgeComm, SetEvent, ResetEvent, WaitForSingleObject, FreeResource, GlobalAlloc, ResumeThread, GlobalLock, GlobalUnlock, MulDiv, GlobalFree, CreateEventA, FileTimeToLocalFileTime, FileTimeToSystemTime, GetUserDefaultLangID, GetModuleFileNameA, LoadLibraryA, GetProcAddress, FreeLibrary, GetDefaultCommConfigA, GetVersionExA, QueryDosDeviceA, SetLastError, CreateFileA, CloseHandle, lstrlenW, MultiByteToWideChar, GetLastError, FormatMessageA, WideCharToMultiByte, LoadResource, LockResource, SizeofResource, FindResourceA, GetStringTypeA, Sleep
              USER32.dll | GetNextDlgGroupItem, MessageBeep, RegisterClipboardFormatA, PostThreadMessageA, ReleaseCapture, SetCapture, InvalidateRgn, IsRectEmpty, CopyAcceleratorTableA, UnregisterClassA, LoadCursorA, GetSysColorBrush, CharUpperA, DestroyMenu, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, SetWindowContextHelpId, MapDialogRect, GetWindowThreadProcessId, GetMessageA, TranslateMessage, GetCursorPos, ValidateRect, SetCursor, PostQuitMessage, SetRectEmpty, IsZoomed, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, GetDlgItemInt, CheckDlgButton, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, ModifyMenuA, GetMenuState, CheckMenuItem, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, GetKeyState, SetMenu, SetForegroundWindow, PostMessageA, GetSubMenu, GetMenuItemID, GetMenuItemCount, MessageBoxA, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, PtInRect, GetMenu, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, WindowFromPoint, GetWindowPlacement, GetWindowRect, EnableMenuItem, CharNextA, GetWindow, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetWindowLongA, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, UpdateWindow, InvalidateRect, CopyRect, GetSysColor, FillRect, GetDC, ReleaseDC, SetRect, PeekMessageA, LoadIconA, IsWindowVisible, IsIconic, GetSystemMenu, SetMenuItemInfoA, GetMenuItemInfoA, AppendMenuA, DrawIcon, GetSystemMetrics, SetWindowLongA, GetCaretPos, GetClientRect, GetFocus, KillTimer, SetTimer, LoadBitmapA, SendMessageA, EnableWindow, SetFocus
              GDI32.dll | ExtSelectClipRgn, GetStockObject, CreateRectRgnIndirect, GetRgnBox, GetTextColor, GetMapMode, GetWindowExtEx, GetViewportExtEx, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetBkColor, CreateSolidBrush, IntersectClipRect, ExcludeClipRect, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32A, GetTextMetricsA, CreateBitmap, SetBkColor, SetTextColor, GetClipBox, GetObjectA, CreateFontIndirectA, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, DeleteObject, GetDeviceCaps
              COMDLG32.dll | GetFileTitleA
              WINSPOOL.DRV | EnumPortsA, DocumentPropertiesA, OpenPrinterA, ClosePrinter
              ADVAPI32.dll | RegQueryInfoKeyA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegFlushKey, RegQueryValueExA
              SHELL32.dll | ShellExecuteA
              COMCTL32.dll |
              SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathIsUNCA, PathFindExtensionA
              oledlg.dll |
              ole32.dll | OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, OleIsCurrentClipboard, CoTaskMemFree, CreateStreamOnHGlobal, CoInitialize, OleFlushClipboard, CoRegisterMessageFilter, CoRevokeClassObject, CoTaskMemAlloc
              OLEAUT32.dll | OleCreateFontIndirect, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, SafeArrayCreate, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnaccessData, LoadRegTypeLib, SysAllocString, DispCallFunc, VariantCopy, SysAllocStringByteLen, SysStringLen, VariantInit, VariantChangeType, VariantClear, OleLoadPicture, SysFreeString, SysAllocStringLen
              VERSION.dll | GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
              Language of compilation system | Country where language is spoken | Map
              English | United States |
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Oct 22, 2024 16:17:18.650443077 CEST | 53 | 62095 | 162.159.36.2 | 192.168.2.4
              Oct 22, 2024 16:17:19.270243883 CEST | 51771 | 53 | 192.168.2.4 | 1.1.1.1
              Oct 22, 2024 16:17:19.278431892 CEST | 53 | 51771 | 1.1.1.1 | 192.168.2.4
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Oct 22, 2024 16:17:19.270243883 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e61 | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Oct 22, 2024 16:17:19.278431892 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e61 | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false

              Target ID:0
              Start time:10:16:47
              Start date:22/10/2024
              Path:C:\Users\user\Desktop\DataIndustrial.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\DataIndustrial.exe"
              Imagebase:0x400000
              File size:824'832 bytes
              MD5 hash:152843EAAD328F6A699815F061586C98
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

                Execution Graph

                Execution Coverage:4.6%
                Dynamic/Decrypted Code Coverage:0%
                Signature Coverage:5.6%
                Total number of Nodes:2000
                Total number of Limit Nodes:42
67 API calls 2 library calls 55375->55376 55376->55350 55378 467743 55377->55378 55387 4676a2 55377->55387 55403 472457 6 API calls __decode_pointer 55378->55403 55380 467749 55381 467b78 __mbsnbcpy_s_l 65 API calls 55380->55381 55394 46773b 55381->55394 55385 4676ff RtlAllocateHeap 55385->55387 55387->55385 55388 4676b3 55387->55388 55389 46772f 55387->55389 55392 467734 55387->55392 55387->55394 55398 467641 66 API calls 4 library calls 55387->55398 55399 472457 6 API calls __decode_pointer 55387->55399 55388->55387 55395 471c10 66 API calls 2 library calls 55388->55395 55396 471a65 66 API calls 7 library calls 55388->55396 55397 4684af GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 55388->55397 55400 467b78 55389->55400 55393 467b78 __mbsnbcpy_s_l 65 API calls 55392->55393 55393->55394 55394->55374 55395->55388 55396->55388 55398->55387 55399->55387 55404 46a323 66 API calls 5 library calls 55400->55404 55402 467b7d 55402->55392 55403->55380 55404->55402 55405->55358 55406->55360 55408 452df1 55407->55408 55409 45f41b 55407->55409 55408->55363 55411 449471 KiUserExceptionDispatcher __CxxThrowException@8 55408->55411 55413 45d789 55409->55413 55412->55366 55414 45d795 55413->55414 55415 45d7b6 55413->55415 55414->55415 55416 45d79b 55414->55416 55417 4494a9 ~_Task_impl KiUserExceptionDispatcher 55415->55417 55418 441404 _Allocate 66 API calls 55416->55418 55419 45d7bb 55417->55419 55420 45d7a8 55418->55420 55420->55408 55421->55368 55422->55330 55424 448285 55423->55424 55425 448279 GetWindowLongA 55423->55425 55425->55332 55427 444804 ctype 110 API calls 55426->55427 55428 444fbb 55427->55428 55428->55342 55459 4483c8 IsWindowEnabled 55428->55459 55430 448273 GetWindowLongA 55429->55430 55431 4441e1 55430->55431 55432 4441eb 55431->55432 55434 444204 GetWindow 55431->55434 55435 4441f9 GetParent 55431->55435 55433 44422b GetWindowRect 55432->55433 55437 4442d3 GetParent GetClientRect GetClientRect MapWindowPoints 55433->55437 55438 444248 
55433->55438 55436 44420f 55434->55436 55435->55436 55436->55433 55439 444215 SendMessageA 55436->55439 55448 444300 55437->55448 55440 44425c 55438->55440 55441 44424c GetWindowLongA 55438->55441 55439->55433 55444 444229 55439->55444 55442 444270 55440->55442 55443 4442aa GetWindowRect 55440->55443 55441->55440 55445 4415cd 109 API calls 55442->55445 55466 442063 21 API calls 55443->55466 55444->55433 55447 444275 55445->55447 55464 442063 21 API calls 55447->55464 55460 448607 55448->55460 55449 4442bd 55467 4420d0 79 API calls __mbsnbcpy_s_l 55449->55467 55452 4442c3 CopyRect 55452->55448 55455 444288 55465 4420d0 79 API calls __mbsnbcpy_s_l 55455->55465 55456 444387 55456->55337 55458 44428e CopyRect CopyRect 55458->55448 55459->55342 55461 448612 SetWindowPos 55460->55461 55462 448639 55460->55462 55461->55456 55464->55455 55465->55458 55466->55449 55467->55452 55468 445128 55469 44513b 55468->55469 55474 445136 55468->55474 55476 444830 55469->55476 55472 445160 DefWindowProcA 55472->55474 55473 44514e 55479 445035 55473->55479 55477 444790 ~_Task_impl 109 API calls 55476->55477 55478 44483c 55477->55478 55478->55472 55478->55473 55480 445041 __EH_prolog3_catch 55479->55480 55481 45254f ctype 103 API calls 55480->55481 55482 445050 55481->55482 55483 445067 55482->55483 55484 4494a9 ~_Task_impl KiUserExceptionDispatcher 55482->55484 55485 4450be 55483->55485 55486 44350c 2 API calls 55483->55486 55484->55483 55492 45d276 55485->55492 55506 4429fe 55485->55506 55486->55485 55487 4450cf 55488 4450e7 ~_Task_impl 55487->55488 55489 444fbf 148 API calls 55487->55489 55488->55474 55489->55488 55493 45d350 55492->55493 55496 45d28e 55492->55496 55494 4429fe 157 API calls 55493->55494 55495 45d2c5 55494->55495 55495->55487 55496->55493 55496->55495 55497 45d2d7 55496->55497 55498 45d2e9 55496->55498 55497->55498 55499 45d2db 55497->55499 55513 445b16 111 API calls ctype 55498->55513 55512 4267a0 SendMessageA 55499->55512 55502 45d2f3 55514 4267a0 SendMessageA 
55502->55514 55503 45d2e7 55503->55495 55505 45d2fa 55505->55493 55505->55495 55515 4467e3 55506->55515 55589 44475e 55506->55589 55507 442a22 55508 442a39 55507->55508 55596 4428a6 55507->55596 55508->55487 55512->55503 55513->55502 55514->55505 55516 4467ef __EH_prolog3 55515->55516 55518 44680b 55516->55518 55519 446874 55516->55519 55520 446864 55516->55520 55517 446857 55649 443492 LeaveCriticalSection KiUserExceptionDispatcher ctype 55517->55649 55518->55517 55538 446821 55518->55538 55523 446879 55519->55523 55530 44688d 55519->55530 55521 444804 ctype 110 API calls 55520->55521 55524 44686a 55521->55524 55645 446214 118 API calls ctype 55523->55645 55644 44619c 117 API calls 55524->55644 55525 4469ff ~_Task_impl 55525->55507 55528 446889 55528->55530 55528->55538 55530->55538 55601 44345e 55530->55601 55531 446d9d 55531->55507 55534 44692b 55534->55517 55535 4469e4 55534->55535 55534->55538 55540 446a45 55534->55540 55541 446bc1 55534->55541 55542 446c03 55534->55542 55543 446b55 55534->55543 55544 446b91 55534->55544 55545 446c11 55534->55545 55546 446b13 55534->55546 55547 446a19 55534->55547 55548 446a61 55534->55548 55549 446bac 55534->55549 55550 446bb7 55534->55550 55551 446a39 55534->55551 55552 446b3a 55534->55552 55553 446b49 55534->55553 55562 446bd6 55534->55562 55563 446a6f 55534->55563 55564 446be3 55534->55564 55567 446c25 55534->55567 55568 446d69 55534->55568 55580 446adc 55534->55580 55647 443492 LeaveCriticalSection KiUserExceptionDispatcher ctype 55534->55647 55648 443492 LeaveCriticalSection KiUserExceptionDispatcher ctype 55535->55648 55666 443492 LeaveCriticalSection KiUserExceptionDispatcher ctype 55538->55666 55558 444804 ctype 110 API calls 55540->55558 55560 450d2a 109 API calls 55541->55560 55565 444804 ctype 110 API calls 55542->55565 55610 44c87c 55543->55610 55624 41f3f0 55543->55624 55555 444804 ctype 110 API calls 55544->55555 55566 444804 ctype 110 API calls 55545->55566 55569 444804 ctype 110 API calls 55546->55569 55650 
450815 109 API calls ctype 55547->55650 55561 444804 ctype 110 API calls 55548->55561 55664 450815 109 API calls ctype 55549->55664 55559 450d2a 109 API calls 55550->55559 55556 444804 ctype 110 API calls 55551->55556 55661 450d2a 55552->55661 55607 44c8a4 55553->55607 55572 446b99 55555->55572 55556->55538 55558->55538 55559->55553 55560->55538 55561->55538 55573 444804 ctype 110 API calls 55562->55573 55651 4434c7 55563->55651 55574 444804 ctype 110 API calls 55564->55574 55565->55538 55566->55538 55567->55538 55575 444804 ctype 110 API calls 55567->55575 55665 443492 LeaveCriticalSection KiUserExceptionDispatcher ctype 55568->55665 55569->55538 55576 444804 ctype 110 API calls 55572->55576 55573->55553 55574->55538 55575->55538 55576->55538 55579 444830 109 API calls 55581 446a9b 55579->55581 55656 450892 55580->55656 55583 446ab1 55581->55583 55654 45283c KiUserExceptionDispatcher ~_Task_impl 55581->55654 55655 445175 110 API calls 3 library calls 55583->55655 55590 45254f ctype 103 API calls 55589->55590 55591 444772 55590->55591 55592 44477b 55591->55592 55593 4494a9 ~_Task_impl KiUserExceptionDispatcher 55591->55593 55595 4428a6 2 API calls 55592->55595 55593->55592 55594 44478e 55594->55507 55595->55594 55597 4428b5 55596->55597 55598 4428d7 CallWindowProcA 55596->55598 55597->55598 55600 4428c3 DefWindowProcA 55597->55600 55599 4428ea 55598->55599 55599->55508 55600->55599 55602 443470 55601->55602 55603 443488 55602->55603 55605 4494a9 ~_Task_impl KiUserExceptionDispatcher 55602->55605 55667 45271f 55603->55667 55605->55602 55606 44348e 55606->55534 55646 443492 LeaveCriticalSection KiUserExceptionDispatcher ctype 55606->55646 55678 45c68f DefWindowProcA 55607->55678 55611 45c85d __EH_prolog3 55610->55611 55685 45093a 55611->55685 55613 45c874 GetClientRect GetWindowRect 55692 4505c9 ScreenToClient ScreenToClient 55613->55692 55618 45c8e5 55700 4501d0 55618->55700 55621 45c913 55705 45098e 111 API calls 3 library calls 55621->55705 55623 45c91f 
~_Task_impl 55623->55538 55718 426800 IsIconic 55624->55718 55626 41f42c 55627 41f501 55626->55627 55628 41f434 55626->55628 55719 4414be 55627->55719 55729 4509c9 110 API calls 2 library calls 55628->55729 55631 41f446 55730 4267a0 SendMessageA 55631->55730 55633 4637e0 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 55634 41f521 55633->55634 55634->55538 55636 41f468 GetSystemMetrics GetSystemMetrics 55637 41f48c std::_String_base::_Xlen 55636->55637 55731 408d10 GetClientRect 55637->55731 55639 41f49b 55732 4266e0 DrawIcon 55639->55732 55641 41f4ed 55733 450a1d 111 API calls 3 library calls 55641->55733 55643 41f4ff 55643->55633 55644->55519 55645->55528 55646->55534 55647->55534 55648->55517 55649->55525 55737 447d57 55651->55737 55654->55583 55655->55580 55657 45089e 55656->55657 55658 4508aa 55656->55658 55740 45085f 55657->55740 55658->55538 55660 4508a3 DeleteDC 55660->55658 55745 450cb6 109 API calls 4 library calls 55661->55745 55663 450d36 55665->55538 55666->55531 55668 452734 55667->55668 55669 45272f 55667->55669 55671 452742 55668->55671 55677 4526b6 InitializeCriticalSection 55668->55677 55670 4494a9 ~_Task_impl KiUserExceptionDispatcher 55669->55670 55670->55668 55673 452754 EnterCriticalSection 55671->55673 55674 45277e EnterCriticalSection 55671->55674 55675 452760 InitializeCriticalSection 55673->55675 55676 452773 LeaveCriticalSection 55673->55676 55674->55606 55675->55676 55676->55674 55677->55671 55679 45c6b6 GetWindowRect 55678->55679 55680 44c8c4 55678->55680 55681 45c6e3 55679->55681 55682 45c73f 55679->55682 55680->55538 55681->55682 55683 45c6ef SetRect InvalidateRect SetRect InvalidateRect 55681->55683 55682->55680 55684 45c74f SetRect InvalidateRect SetRect InvalidateRect 55682->55684 55683->55682 55684->55680 55686 450946 __EH_prolog3 55685->55686 55687 450969 GetWindowDC 55686->55687 55706 450829 55687->55706 55690 450984 ~_Task_impl 
55690->55613 55715 44828d 55692->55715 55694 4505f4 OffsetRect 55695 450189 55694->55695 55696 4501b4 55695->55696 55697 4501a6 ExcludeClipRect 55695->55697 55698 4501c9 OffsetRect 55696->55698 55699 4501bb ExcludeClipRect 55696->55699 55697->55696 55698->55618 55699->55698 55701 4501ed IntersectClipRect 55700->55701 55702 4501fb 55700->55702 55701->55702 55703 450210 SendMessageA 55702->55703 55704 450202 IntersectClipRect 55702->55704 55703->55621 55704->55703 55705->55623 55707 450838 55706->55707 55708 45084d 55706->55708 55713 4507a1 109 API calls 4 library calls 55707->55713 55708->55690 55712 450253 KiUserExceptionDispatcher __CxxThrowException@8 55708->55712 55710 450842 55714 4434ae 67 API calls ctype 55710->55714 55713->55710 55714->55708 55716 448293 GetWindowLongA 55715->55716 55717 44829f 55715->55717 55716->55694 55718->55626 55720 4414ca __EH_prolog3_GS 55719->55720 55734 4509c9 110 API calls 2 library calls 55720->55734 55722 4414ef 55735 450a1d 111 API calls 3 library calls 55722->55735 55723 4414d5 55723->55722 55724 44475e 105 API calls 55723->55724 55724->55722 55726 4414fb 55736 467846 5 API calls __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 55726->55736 55729->55631 55730->55636 55731->55639 55732->55641 55733->55643 55734->55723 55735->55726 55738 44a01a ctype 109 API calls 55737->55738 55739 4434d1 55738->55739 55739->55579 55741 450873 ctype 55740->55741 55742 45086c 55740->55742 55741->55660 55744 4507a1 109 API calls 4 library calls 55742->55744 55744->55741 55745->55663 55746 4450e9 55749 44e2b3 55746->55749 55750 44a04d ctype 109 API calls 55749->55750 55751 44e2bd 55750->55751 55752 47cf6a 55757 477d43 55752->55757 55758 44a01a ctype 109 API calls 55757->55758 55759 477d4d 55758->55759 55760 477d5e 55759->55760 55765 46da82 110 API calls 10 library calls 55759->55765 55762 464cc8 55760->55762 55766 464c8c 55762->55766 55764 464cd5 55765->55760 55767 
464c98 __tzset_nolock 55766->55767 55774 4684c7 55767->55774 55773 464cb9 __tzset_nolock 55773->55764 55800 46f85d 55774->55800 55776 464c9d 55777 464ba1 55776->55777 55809 46a113 TlsGetValue 55777->55809 55780 46a113 __decode_pointer 6 API calls 55781 464bc5 55780->55781 55793 464c48 55781->55793 55819 468a63 67 API calls 5 library calls 55781->55819 55783 464c2f 55785 46a098 __encode_pointer 6 API calls 55783->55785 55784 464be3 55784->55783 55787 464bfe 55784->55787 55788 464c0d 55784->55788 55786 464c3d 55785->55786 55790 46a098 __encode_pointer 6 API calls 55786->55790 55820 46f611 73 API calls _realloc 55787->55820 55789 464c07 55788->55789 55788->55793 55789->55788 55795 464c23 55789->55795 55821 46f611 73 API calls _realloc 55789->55821 55790->55793 55797 464cc2 55793->55797 55794 464c1d 55794->55793 55794->55795 55822 46a098 TlsGetValue 55795->55822 55834 4684d0 55797->55834 55801 46f885 EnterCriticalSection 55800->55801 55802 46f872 55800->55802 55801->55776 55807 46f79a 66 API calls 8 library calls 55802->55807 55804 46f878 55804->55801 55808 46845b 66 API calls 3 library calls 55804->55808 55806 46f884 55806->55801 55807->55804 55808->55806 55810 46a14c GetModuleHandleW 55809->55810 55811 46a12b 55809->55811 55813 46a167 GetProcAddress 55810->55813 55814 46a15c 55810->55814 55811->55810 55812 46a135 TlsGetValue 55811->55812 55817 46a140 55812->55817 55816 464bb5 55813->55816 55832 46842b Sleep GetModuleHandleW 55814->55832 55816->55780 55817->55810 55817->55816 55818 46a162 55818->55813 55818->55816 55819->55784 55820->55789 55821->55794 55823 46a0b0 55822->55823 55824 46a0d1 GetModuleHandleW 55822->55824 55823->55824 55825 46a0ba TlsGetValue 55823->55825 55826 46a0e1 55824->55826 55827 46a0ec GetProcAddress 55824->55827 55830 46a0c5 55825->55830 55833 46842b Sleep GetModuleHandleW 55826->55833 55829 46a0c9 55827->55829 55829->55783 55830->55824 55830->55829 55831 46a0e7 55831->55827 55831->55829 55832->55818 55833->55831 55837 46f783 
LeaveCriticalSection 55834->55837 55836 464cc7 55836->55773 55837->55836 55838 4463d9 55839 4463e8 __EH_prolog3_GS 55838->55839 55840 45254f ctype 103 API calls 55839->55840 55841 446403 55840->55841 55842 446419 55841->55842 55843 4494a9 ~_Task_impl KiUserExceptionDispatcher 55841->55843 55844 446432 55842->55844 55845 44641f CallNextHookEx 55842->55845 55843->55842 55847 44a01a ctype 109 API calls 55844->55847 55846 446622 55845->55846 55883 467846 5 API calls __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 55846->55883 55849 44643c 55847->55849 55851 4465f2 CallNextHookEx 55849->55851 55852 4464a9 55849->55852 55853 446468 GetClassLongA 55849->55853 55851->55846 55855 446615 UnhookWindowsHookEx 55851->55855 55852->55851 55856 4464b7 55852->55856 55865 44651d _memset 55852->55865 55853->55851 55854 44647c 55853->55854 55857 446486 GlobalGetAtomNameA 55854->55857 55858 44649e 55854->55858 55855->55846 55879 44a066 109 API calls ctype 55856->55879 55857->55858 55878 44343e CompareStringA 55858->55878 55859 446561 GetClassLongA 55863 4465a6 GetWindowLongA 55859->55863 55876 4464f4 ctype 55859->55876 55862 4464c2 55880 444851 110 API calls 2 library calls 55862->55880 55863->55851 55864 4465b6 GetPropA 55863->55864 55864->55851 55867 4465c9 SetPropA GetPropA 55864->55867 55865->55859 55881 44316b 112 API calls 2 library calls 55865->55881 55867->55851 55870 4465dd GlobalAddAtomA SetWindowLongA 55867->55870 55869 4464ce SetWindowLongA 55869->55876 55870->55851 55871 446553 55871->55859 55872 446578 GetClassNameA 55871->55872 55872->55863 55873 44658f 55872->55873 55882 4643f4 76 API calls __mbscmp_l 55873->55882 55876->55851 55877 4465a0 55877->55851 55877->55863 55878->55852 55879->55862 55880->55869 55881->55871 55882->55877 55884 44efa9 55885 44ee15 124 API calls 55884->55885 55886 44efbd 55885->55886 55887 463248 55888 463257 55887->55888 55889 463268 55887->55889 55893 441449 
55888->55893 55891 463266 55889->55891 55892 463279 SendMessageA 55889->55892 55892->55891 55894 441457 55893->55894 55899 44147a 55893->55899 55895 444830 109 API calls 55894->55895 55896 44145f 55895->55896 55901 451871 55896->55901 55899->55891 55902 44146a 55901->55902 55903 45187c 55901->55903 55902->55899 55905 41ef90 55902->55905 55904 451853 KiUserExceptionDispatcher 55903->55904 55904->55902 55960 44bed2 55905->55960 55911 402990 SafeRWList 79 API calls 55913 41efea 55911->55913 55912 41f065 55987 426840 SendMessageA 55912->55987 56161 414090 116 API calls 55913->56161 55916 41f07f 55988 4271a0 55916->55988 55918 41effe 55921 41f039 codecvt 55918->55921 56162 426710 AppendMenuA 55918->56162 55986 426840 SendMessageA 55921->55986 55924 41f021 _DebugHeapAllocator 56163 426710 AppendMenuA 55924->56163 55926 41f0aa 55933 41f157 std::_String_base::_Xlen _DebugHeapAllocator 55926->55933 56028 428070 55926->56028 56043 44c909 55933->56043 55936 41f1e7 56071 408d10 GetClientRect 55936->56071 55937 41f122 codecvt _DebugHeapAllocator 56037 4482ff 55937->56037 55940 41f1f6 56072 44d03f 55940->56072 55943 44d03f 82 API calls 55944 41f23d 55943->55944 56078 444bc9 55944->56078 55948 41f279 55949 44cd90 80 API calls 55948->55949 55950 41f293 55949->55950 56108 4483a1 55950->56108 55952 41f2a6 56111 4482a7 55952->56111 55956 41f30b 56117 41f580 55956->56117 55958 41f319 codecvt 55958->55899 56164 44fb3a 55960->56164 55964 44beef GetClientRect 55965 44bf01 55964->55965 55966 44bf0e 55964->55966 55967 4482ff 3 API calls 55965->55967 56190 448140 55966->56190 55967->55966 55969 44bfb5 56200 44bdba 55969->56200 55970 44bfbf 55974 44bfd3 55970->55974 55975 44bfc9 55970->55975 55972 44bf17 55982 44bf4b 55972->55982 56213 444851 110 API calls 2 library calls 55972->56213 55977 41efc9 55974->55977 56215 44af01 55974->56215 56214 44bd24 162 API calls 5 library calls 55975->56214 55976 44bf7f 55976->55969 55976->55970 55976->55977 55983 4267d0 GetSystemMenu 55977->55983 55979 
44bfd1 55979->55977 55982->55976 56195 45badb 55982->56195 55984 450d2a 109 API calls 55983->55984 55985 41efd6 55984->55985 55985->55911 55985->55921 55986->55912 55987->55916 55989 402990 SafeRWList 79 API calls 55988->55989 55990 4271da 55989->55990 55991 402990 SafeRWList 79 API calls 55990->55991 55992 4271ec 55991->55992 55993 402990 SafeRWList 79 API calls 55992->55993 55994 4271fb 55993->55994 55995 402990 SafeRWList 79 API calls 55994->55995 55996 42720a 55995->55996 55997 402990 SafeRWList 79 API calls 55996->55997 55998 427219 55997->55998 55999 402990 SafeRWList 79 API calls 55998->55999 56000 427228 55999->56000 56001 402990 SafeRWList 79 API calls 56000->56001 56002 427237 56001->56002 56003 402990 SafeRWList 79 API calls 56002->56003 56004 427246 56003->56004 56005 402990 SafeRWList 79 API calls 56004->56005 56006 427255 56005->56006 56007 402990 SafeRWList 79 API calls 56006->56007 56008 427264 56007->56008 56009 402990 SafeRWList 79 API calls 56008->56009 56010 427273 56009->56010 56011 402990 SafeRWList 79 API calls 56010->56011 56012 427282 56011->56012 56405 4282f0 56012->56405 56015 402990 56016 40299c SafeRWList 56015->56016 56440 402a50 56016->56440 56018 4029a5 56019 427400 56018->56019 56020 402990 SafeRWList 79 API calls 56019->56020 56021 427430 56020->56021 56445 402a10 56021->56445 56025 42745e _DebugHeapAllocator 56452 4274a0 56025->56452 56027 42746f codecvt 56027->55926 56617 4029b0 56028->56617 56031 428170 56032 4029b0 _DebugHeapAllocator 80 API calls 56031->56032 56033 41f0f5 56032->56033 56034 403170 56033->56034 56624 4031a0 56034->56624 56038 448310 IsWindow 56037->56038 56039 44830b 56037->56039 56038->56039 56040 448322 SetWindowTextA 56038->56040 56039->56040 56041 4494a9 ~_Task_impl KiUserExceptionDispatcher 56039->56041 56040->55933 56041->56038 56044 448273 GetWindowLongA 56043->56044 56045 44c938 56044->56045 56677 447624 56045->56677 56050 44d15b 56051 44d167 __EH_prolog3 56050->56051 56792 44ccd6 56051->56792 56054 
44d230 56802 44ce85 82 API calls 3 library calls 56054->56802 56055 44d190 SendMessageA 56057 4508ab 110 API calls 56055->56057 56056 44d23b ~_Task_impl 56056->55936 56059 44d1a8 56057->56059 56069 44d1bb 56059->56069 56798 44c8ed SelectObject 56059->56798 56061 44d20c 56062 44d221 56061->56062 56801 44c8ed SelectObject 56061->56801 56064 4508ff ctype 111 API calls 56062->56064 56067 44d22d 56064->56067 56065 44d246 GetSystemMetrics 56065->56069 56067->56054 56069->56061 56069->56065 56070 44cd90 80 API calls 56069->56070 56799 414090 116 API calls 56069->56799 56800 44cc5a GetTextExtentPoint32A 56069->56800 56070->56069 56071->55940 56073 44d06f 56072->56073 56074 44d066 56072->56074 56076 41f21e 56073->56076 56827 44ce85 82 API calls 3 library calls 56073->56827 56074->56073 56075 44cd90 80 API calls 56074->56075 56075->56073 56076->55943 56079 444bf7 GetClientRect 56078->56079 56080 444bee 56078->56080 56079->56080 56081 444c14 BeginDeferWindowPos 56080->56081 56082 444c21 56080->56082 56083 444c25 GetTopWindow 56081->56083 56082->56083 56092 444c41 56083->56092 56084 444c32 GetDlgCtrlID 56088 444830 109 API calls 56084->56088 56085 444c79 56086 444c7f 56085->56086 56087 444ca9 56085->56087 56089 444c84 CopyRect 56086->56089 56090 41f25f 56086->56090 56091 444d00 56087->56091 56095 444804 ctype 110 API calls 56087->56095 56088->56092 56089->56090 56099 44cd90 56090->56099 56091->56090 56093 444d05 KiUserCallbackDispatcher 56091->56093 56092->56084 56092->56085 56094 444c6a GetWindow 56092->56094 56096 444c59 SendMessageA 56092->56096 56093->56090 56094->56092 56097 444cbb 56095->56097 56096->56094 56097->56091 56828 442aa5 7 API calls 56097->56828 56101 44cd9c __EH_prolog3_catch 56099->56101 56100 44cdb3 56102 44cdee 56100->56102 56103 44cdda 56100->56103 56107 44cde2 ~_Task_impl 56100->56107 56101->56100 56829 404100 79 API calls _DebugHeapAllocator 56101->56829 56106 402c00 _DebugHeapAllocator 79 API calls 56102->56106 56830 4029f0 80 API calls 
_DebugHeapAllocator 56103->56830 56106->56107 56107->55948 56109 4483bc 56108->56109 56110 4483ac ShowWindow 56108->56110 56110->55952 56112 4482c7 56111->56112 56113 4482b2 56111->56113 56831 442836 56113->56831 56116 426820 IsWindowVisible 56116->55956 56838 4266c0 CreateSolidBrush 56117->56838 56120 4266c0 110 API calls 56121 41f5ce 56120->56121 56841 402910 56121->56841 56123 44ef76 124 API calls 56124 41f60d 56123->56124 56844 43e9c0 56124->56844 56126 41f633 56127 413fc0 116 API calls 56126->56127 56128 41f660 56127->56128 56847 43f0a0 56128->56847 56130 41f66b 56131 413fc0 116 API calls 56130->56131 56132 41f67b 56131->56132 56867 43f250 56132->56867 56134 41f686 56135 41f6ac 56134->56135 56136 413fc0 116 API calls 56134->56136 56137 41f6d4 56135->56137 56139 41f710 56135->56139 56140 41f6f2 56135->56140 56141 41f706 56135->56141 56142 41f6e8 56135->56142 56143 41f71a 56135->56143 56144 41f6fc 56135->56144 56145 41f6de 56135->56145 56138 41f6a1 56136->56138 56873 421290 56137->56873 56882 43f750 RegOpenKeyExA RegQueryValueExA RegCloseKey codecvt _DebugHeapAllocator 56138->56882 56888 4210b0 205 API calls 56139->56888 56885 4211a0 205 API calls 56140->56885 56887 421100 205 API calls 56141->56887 56884 4211f0 205 API calls 56142->56884 56889 421060 205 API calls 56143->56889 56886 421150 205 API calls 56144->56886 56883 421240 205 API calls 56145->56883 56153 41f6dc 56890 4057b0 SetTimer 56153->56890 56157 41f736 56891 43ea00 79 API calls codecvt 56157->56891 56159 41f74c 56159->55958 56161->55918 56162->55924 56163->55921 56165 44fb47 56164->56165 56166 44fb61 56164->56166 56229 45202b 7 API calls 3 library calls 56165->56229 56168 44a01a ctype 109 API calls 56166->56168 56170 44bee7 56168->56170 56169 44fb56 56169->56166 56171 4494a9 ~_Task_impl KiUserExceptionDispatcher 56169->56171 56172 4418dc 56170->56172 56171->56166 56173 4418f0 56172->56173 56174 4418e8 56172->56174 56231 44793b 211 API calls ctype 56173->56231 56230 4474b5 207 API calls ctype 
56174->56230 56177 4418ee 56178 4418fe 56177->56178 56233 444142 103 API calls 3 library calls 56177->56233 56232 441554 EndDialog 56178->56232 56181 441905 56181->55964 56182 441910 56182->56178 56183 441916 56182->56183 56184 448140 111 API calls 56183->56184 56185 441920 56184->56185 56186 44193a 56185->56186 56234 441884 109 API calls ctype 56185->56234 56186->55964 56188 44192b 56189 4483a1 ShowWindow 56188->56189 56189->56186 56191 448161 56190->56191 56192 44814b GetDlgItem 56190->56192 56193 444804 ctype 110 API calls 56192->56193 56194 44815d 56193->56194 56194->55972 56235 450c69 CopyRect 56195->56235 56197 45baf1 56236 45b3ce 56197->56236 56201 44bdc6 __EH_prolog3 56200->56201 56202 44a01a ctype 109 API calls 56201->56202 56203 44bdce 56202->56203 56204 402990 SafeRWList 79 API calls 56203->56204 56205 44bdd9 56204->56205 56206 441404 _Allocate 66 API calls 56205->56206 56207 44bdf0 GetModuleFileNameA 56206->56207 56208 44be01 56207->56208 56212 44be28 ctype ~_Task_impl 56207->56212 56209 403170 104 API calls 56208->56209 56210 44be15 56209->56210 56211 44af01 137 API calls 56210->56211 56211->56212 56212->55977 56213->55982 56214->55979 56216 44af0d __EH_prolog3 56215->56216 56380 425f10 56216->56380 56218 44af56 56386 45433c 56218->56386 56219 44af1a 56219->56218 56220 44af47 56219->56220 56221 44af3e lstrlenA 56219->56221 56398 454223 87 API calls ~_Task_impl 56220->56398 56221->56220 56224 44af69 56225 45433c 119 API calls 56224->56225 56226 44af7c 56225->56226 56227 44af8f 6 API calls 56226->56227 56228 44afcf ~_Task_impl 56227->56228 56228->55977 56229->56169 56230->56177 56231->56177 56232->56181 56233->56182 56234->56188 56235->56197 56237 45b3de 56236->56237 56241 45b411 56236->56241 56242 45af96 56237->56242 56239 45b3e7 56239->56241 56250 45b1a5 56239->56250 56241->55976 56244 45afa2 __EH_prolog3_catch 56242->56244 56243 45b055 ~_Task_impl 56243->56239 56247 44a01a ctype 109 API calls 56244->56247 56248 45afc9 56244->56248 56245 45b024 
57630 442f12 57610->57630 57611 441628 57611->57608 57611->57610 57612 44164c GetWindowLongA 57611->57612 57612->57610 57614 44165a 57612->57614 57634 451a69 7 API calls __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 57614->57634 57616 441666 57616->57610 57617 44166a GetDlgItem 57616->57617 57618 441684 SendMessageA 57617->57618 57619 441679 IsWindowEnabled 57617->57619 57618->57608 57619->57610 57619->57618 57621 44a01a ctype 109 API calls 57620->57621 57622 441618 57621->57622 57622->57608 57623 4452df 57622->57623 57624 4452ee 57623->57624 57625 4452e8 57623->57625 57624->57611 57625->57624 57628 445305 57625->57628 57635 4452a0 111 API calls ctype 57625->57635 57627 44531c 57627->57611 57628->57627 57636 4452a0 111 API calls ctype 57628->57636 57631 442f24 57630->57631 57633 442f3f 57631->57633 57637 44823c 57631->57637 57633->57608 57634->57616 57635->57628 57636->57628 57638 448262 IsDialogMessageA 57637->57638 57639 44824d 57637->57639 57640 448260 57638->57640 57641 44a01a ctype 109 API calls 57639->57641 57640->57633 57642 448252 57641->57642 57643 45def7 165 API calls 57642->57643 57643->57640 57645 44a04d ctype 109 API calls 57644->57645 57647 44e4d5 57645->57647 57646 4415cd 109 API calls 57648 44e4fb 57646->57648 57647->57646 57654 44e4f0 57647->57654 57649 444d15 174 API calls 57648->57649 57650 44e50b 57649->57650 57651 444804 ctype 110 API calls 57650->57651 57650->57654 57652 44e51f 57651->57652 57655 445e62 114 API calls ctype 57652->57655 57654->57570 57655->57654 57657 44dd6f 57656->57657 57662 44dd9f 57656->57662 57658 44dd73 PathFindExtensionA 57657->57658 57657->57662 57664 44dace 57658->57664 57659 4637e0 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 57661 44d9bd 57659->57661 57661->57334 57663 44d89e 109 API calls ctype 57661->57663 57662->57659 57663->57336 57686 
4677c3 57664->57686 57666 44dadd GetModuleHandleA GetProcAddress 57667 44db26 ConvertDefaultLocale ConvertDefaultLocale GetProcAddress 57666->57667 57668 44dbcb GetModuleHandleA 57666->57668 57670 44dc3b GetModuleFileNameA 57667->57670 57673 44db8d ConvertDefaultLocale ConvertDefaultLocale 57667->57673 57669 44dbd6 EnumResourceLanguagesA 57668->57669 57668->57670 57669->57670 57672 44dbfc ConvertDefaultLocale ConvertDefaultLocale 57669->57672 57675 44dc7e _memset 57670->57675 57685 44dc76 57670->57685 57672->57670 57673->57670 57687 44d3ec 57675->57687 57681 44dd21 57725 44d984 DeactivateActCtx ReleaseActCtx 57681->57725 57684 44dce2 57684->57681 57698 44d8b2 57684->57698 57724 467846 5 API calls __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 57685->57724 57686->57666 57688 44d49e 57687->57688 57689 44d40e GetModuleHandleA 57687->57689 57694 44d4a3 57688->57694 57690 44d426 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 57689->57690 57693 44d421 57689->57693 57690->57693 57691 4494a9 ~_Task_impl KiUserExceptionDispatcher 57691->57690 57692 44d494 57692->57688 57693->57691 57693->57692 57695 44d4b4 57694->57695 57696 44d4b8 57694->57696 57695->57684 57696->57695 57697 44d4c7 CreateActCtxA 57696->57697 57697->57695 57699 44d8f4 GetLocaleInfoA 57698->57699 57700 44d8dc 57698->57700 57702 44d974 57699->57702 57703 44d8ef 57699->57703 57729 468763 66 API calls __mbsnbcpy_s_l 57700->57729 57706 4637e0 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 57702->57706 57705 467b78 __mbsnbcpy_s_l 66 API calls 57703->57705 57704 44d8e9 57730 408c40 KiUserExceptionDispatcher _DebugHeapAllocator ~_Task_impl 57704->57730 57708 44d90c 57705->57708 57709 44d982 57706->57709 57710 467b78 __mbsnbcpy_s_l 66 API calls 57708->57710 57709->57684 57711 44d913 57710->57711 57726 4644a6 57711->57726 57714 
467b78 __mbsnbcpy_s_l 66 API calls 57715 44d940 57714->57715 57716 44d954 57715->57716 57717 44d945 57715->57717 57719 467b78 __mbsnbcpy_s_l 66 API calls 57716->57719 57718 467b78 __mbsnbcpy_s_l 66 API calls 57717->57718 57720 44d94a 57718->57720 57721 44d951 57719->57721 57731 441e87 79 API calls _DebugHeapAllocator 57720->57731 57721->57702 57723 44d965 LoadLibraryA 57721->57723 57723->57702 57725->57685 57732 46413f 57726->57732 57729->57704 57730->57703 57731->57721 57733 46416d 57732->57733 57734 46414d 57732->57734 57737 46417b 57733->57737 57739 4641a2 57733->57739 57735 467b78 __mbsnbcpy_s_l 66 API calls 57734->57735 57736 464152 57735->57736 57762 467355 6 API calls 2 library calls 57736->57762 57740 467b78 __mbsnbcpy_s_l 66 API calls 57737->57740 57741 44d936 57737->57741 57742 467b78 __mbsnbcpy_s_l 66 API calls 57739->57742 57760 464197 57740->57760 57741->57714 57743 4641a7 57742->57743 57744 4641b5 57743->57744 57745 4641e2 57743->57745 57763 463fce 100 API calls 2 library calls 57744->57763 57764 463fce 100 API calls 2 library calls 57745->57764 57749 4641c7 57751 4641cf 57749->57751 57752 46421b 57749->57752 57750 4641f3 57750->57752 57754 464205 57750->57754 57753 467b78 __mbsnbcpy_s_l 66 API calls 57751->57753 57752->57741 57757 467b78 __mbsnbcpy_s_l 66 API calls 57752->57757 57755 4641d4 57753->57755 57756 467b78 __mbsnbcpy_s_l 66 API calls 57754->57756 57755->57741 57759 467b78 __mbsnbcpy_s_l 66 API calls 57755->57759 57758 46420a 57756->57758 57757->57760 57758->57741 57761 467b78 __mbsnbcpy_s_l 66 API calls 57758->57761 57759->57741 57765 467355 6 API calls 2 library calls 57760->57765 57761->57741 57763->57749 57764->57750 57766 44b71b 57767 44b731 57766->57767 57769 44b750 57767->57769 57770 44a744 57767->57770 57771 44a750 __EH_prolog3 57770->57771 57772 44a77c SysFreeString SysFreeString SysFreeString 57771->57772 57776 44a7dd 57771->57776 57774 44a79a ~_Task_impl 57772->57774 57773 44a9c0 SysFreeString SysFreeString SysFreeString 
57773->57774 57774->57769 57775 44a9a1 57775->57773 57776->57773 57776->57775 57777 425f10 83 API calls 57776->57777 57778 44a983 SysFreeString 57776->57778 57780 468361 78 API calls 2 library calls 57776->57780 57777->57776 57778->57776 57780->57776

                APIs
                  • Part of subcall function 00440A30: CloseHandle.KERNEL32(?,?,?,0041F7D8,34224227), ref: 00440A45
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                  • Part of subcall function 0043F250: RegOpenKeyExA.KERNEL32(00000002,00000000,00000000,000F003F,'B"4,?,?,?,00FFFFFF,009B5900,34224227), ref: 0043F277
                  • Part of subcall function 0043F750: RegOpenKeyExA.ADVAPI32(00000002,00000000,00000000,00020019,00000001,CommPort,?,Software\DataIndustrial\,?,00000001), ref: 0043F785
                • GetLastError.KERNEL32(00000001,Offline,00000001,000012C0,00000001), ref: 0041FAA9
                • _memset.LIBCMT ref: 0041FAC6
                • FormatMessageA.KERNEL32(00001000,00000000,?,00000400,?,00000400,00000000), ref: 0041FAEB
                • _strcat.LIBCMT ref: 0041FB03
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Open$AllocatorCloseDebugErrorFormatHandleHeapLastMessage_memset_strcat
                • String ID: 'B"4$COM%d: does not exist, setting to COM%d:$CommError$CommPort$CommPort$Error Opening COM%d:%s$Offline$Online - COM%d: @ %dbps$Port Unavailable$Software\DataIndustrial\
                • API String ID: 3209270271-2566837557
                • Opcode ID: f803201affaca469957cc87ca31269438521d2fdc8acc3979a050fd9e01dc2ed
                • Instruction ID: 931baba77bf1f923f1ee873cf3df8f83bb38f430515d82cf233ae60682da2dbc
                • Opcode Fuzzy Hash: f803201affaca469957cc87ca31269438521d2fdc8acc3979a050fd9e01dc2ed
                • Instruction Fuzzy Hash: 83B151B0D002089FDB14EF95CC96BEEB775AF54308F1041AEE205672C1DB792A89CF99
                APIs
                • _strcpy_s.LIBCMT ref: 0044D8E4
                  • Part of subcall function 00467B78: __getptd_noexit.LIBCMT ref: 00467B78
                • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 0044D8FC
                • __snwprintf_s.LIBCMT ref: 0044D931
                • LoadLibraryA.KERNEL32(?), ref: 0044D96C
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: InfoLibraryLoadLocale__getptd_noexit__snwprintf_s_strcpy_s
                • String ID: LOC
                • API String ID: 1155623865-519433814
                • Opcode ID: c4be6c38367b4786e670b09670c40114d9c12781a61c7a805f0aa2a628481ed3
                • Instruction ID: 6aa362d5f81b9d15dd4667ab5174f247d76dd1d93e453a0aa19a050c9da60629
                • Opcode Fuzzy Hash: c4be6c38367b4786e670b09670c40114d9c12781a61c7a805f0aa2a628481ed3
                • Instruction Fuzzy Hash: 0221B7B1900208ABEB14BB75DC46BEA37AC9B0571DF1001BBB205E7191EE789D4587AA
                APIs
                • FindResourceA.KERNEL32(00000000,00000000,00000006), ref: 00414177
                Strings
                Similarity
                • API ID: FindResource
                • String ID: @A
                • API String ID: 1635176832-361999007
                • Opcode ID: fb03bc7ce73d39d825292528f7e942dd3f432342a04420acd344a96ec928c96d
                • Instruction ID: 64fec69d50cdaea4fe898f9cfbc67dc858d3cfbf204f0b0e6309a666df7d1ba6
                • Opcode Fuzzy Hash: fb03bc7ce73d39d825292528f7e942dd3f432342a04420acd344a96ec928c96d
                • Instruction Fuzzy Hash: 30E065B5510108BBC704CF95DC45AAA77B8E798314F108559FD0D8B240E135EA809764
                APIs
                Similarity
                • API ID: H_prolog3
                • String ID:
                • API String ID: 431132790-0
                • Opcode ID: c0e20bd98d7b32b381bc7e4a5d55a9d249b77d94f45eb68d35a8ddff8a3fff4e
                • Instruction ID: f5d6983fa30239938ad42086662cbb246b804b34ed81ad9edb46f4d95fe560f5
                • Opcode Fuzzy Hash: c0e20bd98d7b32b381bc7e4a5d55a9d249b77d94f45eb68d35a8ddff8a3fff4e
                • Instruction Fuzzy Hash: 6BF1A370600119EFEB14EF55C885ABE7BA9FF06714F12811AF819AB242D738D901DB6A

                APIs
                • GetFileVersionInfoSizeA.VERSION(?,00000000), ref: 004274F0
                Strings
                Similarity
                • API ID: FileInfoSizeVersion
                • String ID: 4$Comments$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$LegalTrademarks$OriginalFileName$PrivateBuild$ProductName$ProductVersion$SpecialBuild$\StringFileInfo\%04X%04X\$\VarFileInfo\Translation
                • API String ID: 1661704012-1403475910
                • Opcode ID: 905e9d523f7a918fba9d19afe879f2a4932e228a772e69e02764efb415089d16
                • Instruction ID: 5ff76a7507d07098f6884f367ec9f3871cb655d49045fca9b2a858ceead15f28
                • Opcode Fuzzy Hash: 905e9d523f7a918fba9d19afe879f2a4932e228a772e69e02764efb415089d16
                • Instruction Fuzzy Hash: D2520BB1D001189BCB14DBA5DD91FEEB7B4AF48304F5441AEE109B7281DB786A84CFA8

                APIs
                • __EH_prolog3_GS.LIBCMT ref: 004463E3
                  • Part of subcall function 0045254F: __EH_prolog3.LIBCMT ref: 00452556
                • CallNextHookEx.USER32(?,?,?,?), ref: 00446427
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • GetClassLongA.USER32(?,000000E6), ref: 0044646B
                • GlobalGetAtomNameA.KERNEL32(?,?,?,?,?,?,00000005), ref: 00446495
                • SetWindowLongA.USER32(?,000000FC,Function_00045128), ref: 004464EA
                • _memset.LIBCMT ref: 00446534
                • GetClassLongA.USER32(?,000000E0), ref: 00446564
                • GetClassNameA.USER32(?,?,00000100), ref: 00446585
                • GetWindowLongA.USER32(?,000000FC), ref: 004465A9
                • GetPropA.USER32(?,AfxOldWndProc423), ref: 004465C3
                • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 004465CE
                • GetPropA.USER32(?,AfxOldWndProc423), ref: 004465D6
                • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 004465DE
                • SetWindowLongA.USER32(?,000000FC,Function_0004628C), ref: 004465EC
                • CallNextHookEx.USER32(?,00000003,?,?), ref: 00446604
                • UnhookWindowsHookEx.USER32(?), ref: 00446618
                Strings
                Similarity
                • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                • String ID: #32768$AfxOldWndProc423$ime
                • API String ID: 867647115-4034971020
                • Opcode ID: 112306065b04b01a56eb49408750da570438d46644b5c62301e9b3dc77841513
                • Instruction ID: bbad3e1df59397287983f672d3dce4f26a218f096bb0c5825e8859e38cdab7ce
                • Opcode Fuzzy Hash: 112306065b04b01a56eb49408750da570438d46644b5c62301e9b3dc77841513
                • Instruction Fuzzy Hash: 48612E71500225ABEF259F65DC05BEF7B78AF09325F01426AF505A7291DB38CE80CB9E

                APIs
                • __EH_prolog3_GS.LIBCMT ref: 0044DAD8
                • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,0044DD9F,?,?), ref: 0044DB08
                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0044DB1C
                • ConvertDefaultLocale.KERNEL32(?), ref: 0044DB58
                • ConvertDefaultLocale.KERNEL32(?), ref: 0044DB66
                • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 0044DB83
                • ConvertDefaultLocale.KERNEL32(?), ref: 0044DBAE
                • ConvertDefaultLocale.KERNEL32(000003FF), ref: 0044DBB7
                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 0044DBD0
                • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,Function_0004D3D2,?), ref: 0044DBED
                • ConvertDefaultLocale.KERNEL32(?), ref: 0044DC20
                • ConvertDefaultLocale.KERNEL32(00000000), ref: 0044DC29
                • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0044DC6C
                • _memset.LIBCMT ref: 0044DC8C
                Strings
                Similarity
                • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                • API String ID: 3537336938-2299501126
                • Opcode ID: b2c97db82279207d2d408a858f5eba1e2e28cfd2f0bbbc08a828cdf2fb90492b
                • Instruction ID: 52fde0f04e9dbc3975f3b7d384cff73f71e17c689c04c0244843f61edb776047
                • Opcode Fuzzy Hash: b2c97db82279207d2d408a858f5eba1e2e28cfd2f0bbbc08a828cdf2fb90492b
                • Instruction Fuzzy Hash: A9513DB1D002289FDB64DF65DC457EDBAB4AB49300F1041EBE548E3291DBB89E81CF99

                APIs
                  • Part of subcall function 00448273: GetWindowLongA.USER32(?,000000F0), ref: 0044827E
                • GetParent.USER32(?), ref: 004441FC
                • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 0044421F
                • GetWindowRect.USER32(?,?), ref: 00444239
                • GetWindowLongA.USER32(00000000,000000F0), ref: 0044424F
                • CopyRect.USER32(?,?), ref: 0044429C
                • CopyRect.USER32(?,?), ref: 004442A6
                • GetWindowRect.USER32(00000000,?), ref: 004442AF
                  • Part of subcall function 00442063: MonitorFromWindow.USER32(00000002,00000000), ref: 0044207A
                  • Part of subcall function 004420D0: GetMonitorInfoA.USER32(00000002,00000000), ref: 004420E7
                • CopyRect.USER32(?,?), ref: 004442CB
                Strings
                Similarity
                • API ID: RectWindow$Copy$LongMonitor$FromInfoMessageParentSend
                • String ID: ($0PD$0PD
                APIs
                Similarity
                • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                • String ID:

                APIs
                Similarity
                • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__mtinit__setargv__setenvp__wincmdln
                • String ID:

                APIs
                • EnterCriticalSection.KERNEL32(004A0DF4,?,?,?,004A0DD8,004A0DD8,?,004525A3,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452160
                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,004A0DD8,004A0DD8,?,004525A3,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4), ref: 004521B6
                • GlobalHandle.KERNEL32(00733F00), ref: 004521BF
                • GlobalUnlock.KERNEL32(00000000), ref: 004521C9
                • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 004521E2
                • GlobalHandle.KERNEL32(00733F00), ref: 004521F4
                • GlobalLock.KERNEL32(00000000), ref: 004521FB
                • LeaveCriticalSection.KERNEL32('B"4,?,?,?,004A0DD8,004A0DD8,?,004525A3,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452204
                • GlobalLock.KERNEL32(00000000), ref: 00452210
                • _memset.LIBCMT ref: 0045222A
                • LeaveCriticalSection.KERNEL32('B"4,00000000), ref: 00452258
                Strings
                Similarity
                • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                • String ID: 'B"4

                APIs
                Strings
                Similarity
                • API ID: __strdup$ExtensionFileFindModuleNamePath_strcat_s
                • String ID: .CHM$.HLP$.INI

                APIs
                • __EH_prolog3_catch.LIBCMT ref: 00441BE2
                • FindResourceA.KERNEL32(?,?,00000005), ref: 00441C15
                • LoadResource.KERNEL32(?,00000000), ref: 00441C1D
                  • Part of subcall function 004448BD: UnhookWindowsHookEx.USER32(?), ref: 004448ED
                • LockResource.KERNEL32(?,00000024,004070BD,34224227), ref: 00441C2E
                • GetDesktopWindow.USER32 ref: 00441C61
                • IsWindowEnabled.USER32(?), ref: 00441C6F
                • EnableWindow.USER32(?,00000000), ref: 00441C7E
                  • Part of subcall function 004483C8: IsWindowEnabled.USER32(?), ref: 004483D1
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                • EnableWindow.USER32(?,00000001), ref: 00441D63
                • GetActiveWindow.USER32 ref: 00441D6E
                • SetActiveWindow.USER32(?,?,00000024,004070BD,34224227), ref: 00441D7C
                • FreeResource.KERNEL32(?,?,00000024,004070BD,34224227), ref: 00441D98
                Similarity
                • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                • String ID:

                APIs
                • RegCreateKeyExA.KERNEL32(00000002,00000000,00000000,00000000,00000000,000F003F,00000000,?,?,34224227), ref: 0043F133
                Strings
                Similarity
                • API ID: Create
                • String ID: 'B"4

                APIs
                • __EH_prolog3_catch.LIBCMT ref: 00446293
                • GetPropA.USER32(?,AfxOldWndProc423), ref: 004462A2
                • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 004462FC
                  • Part of subcall function 00444FBF: GetWindowRect.USER32(?,10000000), ref: 00444FE9
                • SetWindowLongA.USER32(?,000000FC,?), ref: 00446323
                • RemovePropA.USER32(?,AfxOldWndProc423), ref: 0044632B
                • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 00446332
                • GlobalDeleteAtom.KERNEL32(?), ref: 0044633C
                • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 00446390
                Strings
                Similarity
                • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                • String ID: AfxOldWndProc423

                APIs
                • DefWindowProcA.USER32(?,00000046,00000000,?,?,?), ref: 0045C6A6
                • GetWindowRect.USER32(?,?), ref: 0045C6BE
                • SetRect.USER32(?,?,00000000,?,?), ref: 0045C6FE
                • InvalidateRect.USER32(?,?,00000001), ref: 0045C70D
                • SetRect.USER32(?,?,00000000,?,?), ref: 0045C724
                • InvalidateRect.USER32(?,?,00000001), ref: 0045C733
                • SetRect.USER32(?,00000000,?,?,?), ref: 0045C764
                • InvalidateRect.USER32(?,?,00000001), ref: 0045C76F
                • SetRect.USER32(?,00000000,?,?,?), ref: 0045C786
                • InvalidateRect.USER32(?,?,00000001), ref: 0045C791
                Similarity
                • API ID: Rect$Invalidate$Window$Proc
                • String ID:

                APIs
                Similarity
                • API ID: FreeString$H_prolog3__wcsicoll
                • String ID:

                APIs
                  • Part of subcall function 0044ED63: GetParent.USER32(?), ref: 0044EDB7
                  • Part of subcall function 0044ED63: GetLastActivePopup.USER32(?), ref: 0044EDC8
                  • Part of subcall function 0044ED63: IsWindowEnabled.USER32(?), ref: 0044EDDC
                  • Part of subcall function 0044ED63: KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 0044EDEF
                • EnableWindow.USER32(?,00000001), ref: 0044EE62
                • GetWindowThreadProcessId.USER32(?,?), ref: 0044EE76
                • GetCurrentProcessId.KERNEL32 ref: 0044EE80
                • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 0044EE98
                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 0044EF12
                • EnableWindow.USER32(00000000,00000001), ref: 0044EF57
                Strings
                Similarity
                • API ID: Window$EnableProcess$ActiveCallbackCurrentDispatcherEnabledFileLastMessageModuleNameParentPopupSendThreadUser
                • String ID: 0

                APIs
                • __EH_prolog3.LIBCMT ref: 004566E2
                  • Part of subcall function 00454B9D: SysStringLen.OLEAUT32(?), ref: 00454BA7
                  • Part of subcall function 00454B9D: CoGetClassObject.COMBASE(?,?,00000000,0048EA14,?), ref: 00454BC5
                • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 0045686C
                • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 0045688D
                • GlobalAlloc.KERNEL32(00000000,00000000), ref: 004568DA
                • GlobalLock.KERNEL32(00000000), ref: 004568E8
                • GlobalUnlock.KERNEL32(?), ref: 00456900
                • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 00456923
                • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 0045693F
                Similarity
                • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                • String ID:
                • API String ID: 317715441-0
                • Opcode ID: 79cede604b0585a6dcde8cdeac39ae0f5729898c88cb21d0cc3c5218c5ed9a48
                • Instruction ID: 32085e0b990c3d4599043b487a31d322d06a38e44cb4bebb9c8620067bc1f447
                • Opcode Fuzzy Hash: 79cede604b0585a6dcde8cdeac39ae0f5729898c88cb21d0cc3c5218c5ed9a48
                • Instruction Fuzzy Hash: 73C12AB0A0020ADFCF10DFA4C8889AEB7B9FF48306B50496EF915EB251D775D945CB64
                APIs
                • GetClientRect.USER32(?,00000000), ref: 00444BFE
                • BeginDeferWindowPos.USER32(00000008), ref: 00444C16
                • GetTopWindow.USER32(?), ref: 00444C28
                • GetDlgCtrlID.USER32(00000000), ref: 00444C33
                • SendMessageA.USER32(00000000,00000361,00000000,00000000), ref: 00444C64
                • GetWindow.USER32(00000000,00000002), ref: 00444C6D
                • CopyRect.USER32(000080E8,00000000), ref: 00444C8B
                • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00444D08
                Similarity
                • API ID: Window$Rect$BeginCallbackClientCopyCtrlDeferDispatcherMessageSendUser
                • String ID:
                • API String ID: 1656430526-0
                • Opcode ID: ec03bfc234627a07c1a168c9729a55e3774edb0abf8bc347cff3b9b922b8b935
                • Instruction ID: 48d15df69bbb2440fc0c7f56b7d74f6ad512ff9b7e999f0c7388acabe7d0da88
                • Opcode Fuzzy Hash: ec03bfc234627a07c1a168c9729a55e3774edb0abf8bc347cff3b9b922b8b935
                • Instruction Fuzzy Hash: F1418D71801209EFDF11DF95D888AEEB7B4FF8D314B15816AE805A7210D7799D50CF68
                APIs
                • __EH_prolog3.LIBCMT ref: 0044AF08
                  • Part of subcall function 00453ED5: _memset.LIBCMT ref: 00453EE7
                • lstrlenA.KERNEL32(?,?,?,00000048,0044BFE7,?,00000000,00000000,00000000,00000000,00000000,00000066), ref: 0044AF41
                • VariantClear.OLEAUT32(?,?,00000000,00000000,00000008,00000000,?,00000003,?,00000008,?,00000008,?,?,00000048,0044BFE7), ref: 0044AFA0
                • VariantClear.OLEAUT32(?), ref: 0044AFAD
                • VariantClear.OLEAUT32(?), ref: 0044AFB3
                • VariantClear.OLEAUT32(?), ref: 0044AFB9
                • VariantClear.OLEAUT32(?), ref: 0044AFBF
                • SysFreeString.OLEAUT32(?), ref: 0044AFC4
                Similarity
                • API ID: ClearVariant$FreeH_prolog3String_memsetlstrlen
                • String ID:
                • API String ID: 3999370675-0
                • Opcode ID: dba7bc26b4e96fffd916356cd94b7967fd6a26b94d89a40eb77dd2a17824b5b1
                • Instruction ID: a5ed0d6c422b757fa461bf1b39aaaa391c1364c81a275a19bbb552f45085a936
                • Opcode Fuzzy Hash: dba7bc26b4e96fffd916356cd94b7967fd6a26b94d89a40eb77dd2a17824b5b1
                • Instruction Fuzzy Hash: 1C215C7190014DAEDF01EFE0CC45AEE7B78EF54309F10805AF909AB151DB789A59CBA5
                APIs
                • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00453105
                • GetSystemMetrics.USER32(0000000C), ref: 0045310C
                • GetSystemMetrics.USER32(00000002), ref: 00453113
                • GetSystemMetrics.USER32(00000003), ref: 0045311D
                • GetDC.USER32(00000000), ref: 00453127
                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00453138
                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00453140
                • ReleaseDC.USER32(00000000,00000000), ref: 00453148
                Similarity
                • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                • String ID:
                • API String ID: 1031845853-0
                • Opcode ID: c8628de3c9cef1e5052bd380a7e5ad55164898618af0f9869e7bffa5f21257c1
                • Instruction ID: 5a9c41469ee9b4c839eb6382646c1649025035926baa233302a21e8b7a50e139
                • Opcode Fuzzy Hash: c8628de3c9cef1e5052bd380a7e5ad55164898618af0f9869e7bffa5f21257c1
                • Instruction Fuzzy Hash: FAF06DB1E40718BAE7205FB29C49B167F68FB48761F004A27F6098B290DBB598518FD4
                APIs
                • GetParent.USER32(?), ref: 004443C0
                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004443E4
                • UpdateWindow.USER32(?), ref: 004443FF
                • SendMessageA.USER32(?,00000121,00000000,?), ref: 00444420
                • SendMessageA.USER32(?,0000036A,00000000,00000002), ref: 00444438
                • UpdateWindow.USER32(?), ref: 0044447B
                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004444AC
                  • Part of subcall function 00448273: GetWindowLongA.USER32(?,000000F0), ref: 0044827E
                Similarity
                • API ID: Message$Window$PeekSendUpdate$LongParent
                • String ID:
                • API String ID: 2853195852-0
                • Opcode ID: 0fa6bb188a18b14c73429d6b317de1e345f03ba23687a08ebc5fab31aebc29f2
                • Instruction ID: 5b9aa243483a3de07e74dedb4d5c3c9e8fb21dc083a1d7c5c00b4d8cad5d9381
                • Opcode Fuzzy Hash: 0fa6bb188a18b14c73429d6b317de1e345f03ba23687a08ebc5fab31aebc29f2
                • Instruction Fuzzy Hash: 4B41B430900605EBEF219F96CC45F6FBBB4FFC0758F10816EE445A2251D7798940DB29
                APIs
                • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 004269AF
                • GetLastError.KERNEL32 ref: 004269BE
                • CloseHandle.KERNEL32(000000FF), ref: 004269ED
                Strings
                Similarity
                • API ID: CloseCreateErrorFileHandleLast
                • String ID: $'B"4$\\.\COM%d
                • API String ID: 2528220319-3525418015
                • Opcode ID: f70dd0e4ed8e295b5290acb9815c62a3b5d0e59e8d728988a21ee8d82ccd3017
                • Instruction ID: bc0583e2993c1ff57927ce906d8d391beef2036e9bd3ca98f36c8dddf21f1f7b
                • Opcode Fuzzy Hash: f70dd0e4ed8e295b5290acb9815c62a3b5d0e59e8d728988a21ee8d82ccd3017
                • Instruction Fuzzy Hash: 3A319CB0A00229DBDB10EF94DD09BEEB774FB08314F50062EE521772C0DBB85A80CB99
                Strings
                Similarity
                • API ID:
                • String ID: Edit$`@
                • API String ID: 0-3759813892
                • Opcode ID: 0323967f16c333137a830218bdd731d14148454422273c562761c1ea7ac5dd57
                • Instruction ID: 1d090f91bf1d06e9a03c7b1fcca7a5a00191e2b0eef148675b3fd8cd50f915ae
                • Opcode Fuzzy Hash: 0323967f16c333137a830218bdd731d14148454422273c562761c1ea7ac5dd57
                • Instruction Fuzzy Hash: E11125302402097BFB202A668C09B6BB76DAF11755F1E0527F409E22B1DBA8DCD0DA1C
                APIs
                • SetErrorMode.KERNEL32(00000000), ref: 0045F022
                • SetErrorMode.KERNEL32(00000000), ref: 0045F02A
                  • Part of subcall function 00449798: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 004497D0
                  • Part of subcall function 00449798: SetLastError.KERNEL32(0000006F), ref: 004497E7
                • GetModuleHandleA.KERNEL32(user32.dll), ref: 0045F079
                • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 0045F089
                  • Part of subcall function 0045EE8E: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0045EECB
                  • Part of subcall function 0045EE8E: PathFindExtensionA.SHLWAPI(?), ref: 0045EEE5
                  • Part of subcall function 0045EE8E: __strdup.LIBCMT ref: 0045EF2D
                  • Part of subcall function 0045EE8E: __strdup.LIBCMT ref: 0045EF6C
                  • Part of subcall function 0045EE8E: __strdup.LIBCMT ref: 0045EFB3
                Strings
                Similarity
                • API ID: ErrorModule__strdup$FileModeName$AddressExtensionFindHandleLastPathProc
                • String ID: NotifyWinEvent$user32.dll
                • API String ID: 621541537-597752486
                • Opcode ID: 7070ca615288211024a0643a176351de1a60be75645245b56491e4a63f8f7d4a
                • Instruction ID: a3876f4d1ccdd473f35eb3dff5b776a13309212298833aaac021e7633853f43f
                • Opcode Fuzzy Hash: 7070ca615288211024a0643a176351de1a60be75645245b56491e4a63f8f7d4a
                • Instruction Fuzzy Hash: FB0175705502049FDB10AF769805B593B98EF04715B0580AFF909D73A3DA79D840CBAA
                APIs
                • __EH_prolog3_catch.LIBCMT ref: 00441A2C
                • GlobalLock.KERNEL32(?), ref: 00441B04
                • CreateDialogIndirectParamA.USER32(?,?,?,00441449,00000000), ref: 00441B33
                • DestroyWindow.USER32(00000000), ref: 00441BAD
                • GlobalUnlock.KERNEL32(?), ref: 00441BBD
                • GlobalFree.KERNEL32(?), ref: 00441BC6
                Similarity
                • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                • String ID:
                • API String ID: 3003189058-0
                • Opcode ID: 46595df3985a2f106fefc0b6ecae9cabd9e3d4b733529ce00a01273b2eedd58d
                • Instruction ID: cf35f89b44316319660cbf299e7c6009d0b62f5098c18317d76f02983c1763a7
                • Opcode Fuzzy Hash: 46595df3985a2f106fefc0b6ecae9cabd9e3d4b733529ce00a01273b2eedd58d
                • Instruction Fuzzy Hash: 0551B371900149DFDF10EFA5C8859EEBBB5EF04314F14056EF502A72A2EB38AE85CB59
                APIs
                • __EH_prolog3.LIBCMT ref: 0045C864
                  • Part of subcall function 0045093A: __EH_prolog3.LIBCMT ref: 00450941
                  • Part of subcall function 0045093A: GetWindowDC.USER32(00000000,00000004,0045C874,?,00000034), ref: 0045096D
                • GetClientRect.USER32(?,?), ref: 0045C87F
                • GetWindowRect.USER32(?,?), ref: 0045C88C
                  • Part of subcall function 004505C9: ScreenToClient.USER32(?,?), ref: 004505DA
                  • Part of subcall function 004505C9: ScreenToClient.USER32(?,?), ref: 004505E7
                • OffsetRect.USER32(?,?,?), ref: 0045C8B3
                  • Part of subcall function 00450189: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 004501B2
                  • Part of subcall function 00450189: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 004501C7
                • OffsetRect.USER32(?,?,?), ref: 0045C8D1
                  • Part of subcall function 004501D0: IntersectClipRect.GDI32(?,?,?,?,?), ref: 004501F9
                  • Part of subcall function 004501D0: IntersectClipRect.GDI32(?,?,?,?,?), ref: 0045020E
                • SendMessageA.USER32(?,00000014,?,00000000), ref: 0045C8FB
                  • Part of subcall function 0045098E: __EH_prolog3.LIBCMT ref: 00450995
                  • Part of subcall function 0045098E: ReleaseDC.USER32(?,00000000), ref: 004509B2
                Similarity
                • API ID: Rect$Clip$ClientH_prolog3$ExcludeIntersectOffsetScreenWindow$MessageReleaseSend
                • String ID:
                • API String ID: 2952362992-0
                • Opcode ID: 01d0949d8f97083204687a297f0f563a467412acf9e3ab81398ec322390731d6
                • Instruction ID: d51cba5459fe96a68c4ec1a47e0972a9641f886ffdfd676abbc5c55d8d2b0367
                • Opcode Fuzzy Hash: 01d0949d8f97083204687a297f0f563a467412acf9e3ab81398ec322390731d6
                • Instruction Fuzzy Hash: 9D21FB7291000DEFDB15DBD5CC55DEEB3B8BF08305F00421AF516A71A1EB246A09CB64
                APIs
                • GetWindowLongA.USER32(?,000000F0), ref: 0044ED96
                • GetParent.USER32(?), ref: 0044EDA4
                • GetParent.USER32(?), ref: 0044EDB7
                • GetLastActivePopup.USER32(?), ref: 0044EDC8
                • IsWindowEnabled.USER32(?), ref: 0044EDDC
                • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 0044EDEF
                Similarity
                • API ID: ParentWindow$ActiveCallbackDispatcherEnabledLastLongPopupUser
                • String ID:
                • API String ID: 3747766783-0
                • Opcode ID: 58b4254ecba27862fe8bce7242cc3684a24385a93ecdb4f150b025db61a307d3
                • Instruction ID: 78607c10628ea45a243d5a21ec2e764f0e0447fb31f9fa9e74a9c92f203e88c2
                • Opcode Fuzzy Hash: 58b4254ecba27862fe8bce7242cc3684a24385a93ecdb4f150b025db61a307d3
                • Instruction Fuzzy Hash: B211E3B2D002336BF7315A6B9C44B6B76A9BF98B64F150263ED04E7350EB28CC4146ED
                APIs
                  • Part of subcall function 0044BED2: GetClientRect.USER32(?,?), ref: 0044BEF6
                  • Part of subcall function 004267D0: GetSystemMenu.USER32(?,00000000,?,?,0041EFD6,00000000,34224227), ref: 004267E2
                • SetWindowLongA.USER32(?,000000EC,00000008), ref: 0041F2F4
                  • Part of subcall function 00426710: AppendMenuA.USER32(00000000,00000000,00000065,00000000), ref: 0042672A
                Strings
                Similarity
                • API ID: Menu$AppendClientLongRectSystemWindow
                • String ID: %s v%s$'B"4$Idle$Offline
                • API String ID: 3113333077-250256607
                • Opcode ID: a726c993a9d65625c4b510e67b94d762bc61b2d10584657512e6fa6cf90a0f98
                • Instruction ID: e7f35fe7b5914459477c7b479cf8badd3e702af8aff47df5e85fedb637dc934c
                • Opcode Fuzzy Hash: a726c993a9d65625c4b510e67b94d762bc61b2d10584657512e6fa6cf90a0f98
                • Instruction Fuzzy Hash: 99A14D70A00218AFEB58EB15CC52FAEB775AF45304F1080EDA2496B2C2CF746E85CF59
                APIs
                • SysStringLen.OLEAUT32(?), ref: 00454BA7
                • CoGetClassObject.COMBASE(?,?,00000000,0048EA14,?), ref: 00454BC5
                • CoGetClassObject.OLE32(?,?,00000000,0048E7D4,00000000), ref: 00454BFF
                Strings
                Similarity
                • API ID: ClassObject$String
                • String ID: P?<up=<u
                • API String ID: 1109195124-951417710
                • Opcode ID: 37b6813c3a58a15486b5a65cb9f977ae8dadafe190fd25892298e30a91ef6d69
                • Instruction ID: dabc6cb748e5582a5f0e48a928203d74437219bd5c63e172cc72e087b3dccdaf
                • Opcode Fuzzy Hash: 37b6813c3a58a15486b5a65cb9f977ae8dadafe190fd25892298e30a91ef6d69
                • Instruction Fuzzy Hash: E6115676900209EFCF028F90CC04E9E7BA9EF48715F104465FD15AB260C736DD61DBA4
                APIs
                • RegOpenKeyExA.KERNEL32(00000002,00000000,00000000,000F003F,'B"4,?,?,?,00FFFFFF,009B5900,34224227), ref: 0043F277
                • RegQueryValueExA.KERNEL32('B"4,00000000,00000000,00000000,00000000,00000000,?,?,?,00FFFFFF,009B5900,34224227), ref: 0043F2AA
                • RegCloseKey.ADVAPI32('B"4,?,?,?,00FFFFFF,009B5900,34224227), ref: 0043F2B7
                Strings
                Similarity
                • API ID: CloseOpenQueryValue
                • String ID: 'B"4
                • API String ID: 3677997916-3921257376
                • Opcode ID: a86addb9affeff07fe3086c7922b4e99f91941c63d600f186290435198b329e3
                • Instruction ID: a4e76281721976afc91e64b2fa2a16a7ec77446379bb61bea6a965ef88a609b0
                • Opcode Fuzzy Hash: a86addb9affeff07fe3086c7922b4e99f91941c63d600f186290435198b329e3
                • Instruction Fuzzy Hash: A8112174A00108EBDB04DF95C946FAE7778AB14304F1040AAF605AB2C1DBB5AA45DBA9
                APIs
                  • Part of subcall function 0044B909: __EH_prolog3.LIBCMT ref: 0044B910
                • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0041EEB2
                • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0041EEC4
                  • Part of subcall function 00426890: LoadIconA.USER32(00000000,00000000), ref: 004268A2
                Strings
                Similarity
                • API ID: ProcessorVirtual$Concurrency::RootRoot::$H_prolog3IconLoad
                • String ID: iA
                • API String ID: 314033358-1118743441
                • Opcode ID: 295b6b8ff9b64d5532633297aa64cccfe4526497a9c322fbebae0b91c8baae5d
                • Instruction ID: 8b6415bbb973631f210e79eca7197072835cb616985776030fcc61c62e7277ec
                • Opcode Fuzzy Hash: 295b6b8ff9b64d5532633297aa64cccfe4526497a9c322fbebae0b91c8baae5d
                • Instruction Fuzzy Hash: 45317FB0A04299DFEB04DF98C855BAEBBB1FF45308F1446ADE5216B3C1CB795900CBA5
                APIs
                  • Part of subcall function 0044969C: GetModuleHandleA.KERNEL32(KERNEL32,004497B6), ref: 004496AA
                  • Part of subcall function 0044969C: GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 004496CB
                  • Part of subcall function 0044969C: GetProcAddress.KERNEL32(ReleaseActCtx), ref: 004496DD
                  • Part of subcall function 0044969C: GetProcAddress.KERNEL32(ActivateActCtx), ref: 004496EF
                  • Part of subcall function 0044969C: GetProcAddress.KERNEL32(DeactivateActCtx), ref: 00449701
                • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 004497D0
                • SetLastError.KERNEL32(0000006F), ref: 004497E7
                Strings
                Similarity
                • API ID: AddressProc$Module$ErrorFileHandleLastName
                • String ID:
                • API String ID: 2524245154-3916222277
                • Opcode ID: 262fdf62b07f86cb7f0bb43b7e2350d3a8d58d52ab9928816defc8a5018c64c3
                • Instruction ID: 90707752772c351ac8fe8ce12b0f955ff97fabce1126ce447bc93a7dd4024503
                • Opcode Fuzzy Hash: 262fdf62b07f86cb7f0bb43b7e2350d3a8d58d52ab9928816defc8a5018c64c3
                • Instruction Fuzzy Hash: 652180708102189AEB20EF75C8487EFB7F8BF55324F10469ED059D6180DB785E85DF65
                APIs
                • __EH_prolog3.LIBCMT ref: 0044BDC1
                  • Part of subcall function 00441404: _malloc.LIBCMT ref: 00441422
                • GetModuleFileNameA.KERNEL32(?,00000000,00000104,00000010,0044BFBD,?,00000066), ref: 0044BDF7
                  • Part of subcall function 0044AF01: __EH_prolog3.LIBCMT ref: 0044AF08
                  • Part of subcall function 0044AF01: lstrlenA.KERNEL32(?,?,?,00000048,0044BFE7,?,00000000,00000000,00000000,00000000,00000000,00000066), ref: 0044AF41
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?,?,00000000,00000000,00000008,00000000,?,00000003,?,00000008,?,00000008,?,?,00000048,0044BFE7), ref: 0044AFA0
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFAD
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFB3
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFB9
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFBF
                  • Part of subcall function 0044AF01: SysFreeString.OLEAUT32(?), ref: 0044AFC4
                Strings
                Similarity
                • API ID: ClearVariant$H_prolog3$FileFreeModuleNameString_malloclstrlen
                • String ID: res://%s/%d
                • API String ID: 88287491-163381412
                • Opcode ID: c5c446ac21526d4fe7f55a35c83fc89a92bd381e6917d333fb75bf896c13b200
                • Instruction ID: cc15cdae85c4c0b20495313dce795c16c1d56e442635379ff6ee5d54dad80f2d
                • Opcode Fuzzy Hash: c5c446ac21526d4fe7f55a35c83fc89a92bd381e6917d333fb75bf896c13b200
                • Instruction Fuzzy Hash: 7301447090010A9BDF00EFA6CC569FFBB74EF44318F10442BB214671D2DA799A51DB99
                APIs
                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0044DD65
                • PathFindExtensionA.SHLWAPI(?), ref: 0044DD7B
                  • Part of subcall function 0044DACE: __EH_prolog3_GS.LIBCMT ref: 0044DAD8
                  • Part of subcall function 0044DACE: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,0044DD9F,?,?), ref: 0044DB08
                  • Part of subcall function 0044DACE: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0044DB1C
                  • Part of subcall function 0044DACE: ConvertDefaultLocale.KERNEL32(?), ref: 0044DB58
                  • Part of subcall function 0044DACE: ConvertDefaultLocale.KERNEL32(?), ref: 0044DB66
                  • Part of subcall function 0044DACE: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 0044DB83
                  • Part of subcall function 0044DACE: ConvertDefaultLocale.KERNEL32(?), ref: 0044DBAE
                  • Part of subcall function 0044DACE: ConvertDefaultLocale.KERNEL32(000003FF), ref: 0044DBB7
                  • Part of subcall function 0044DACE: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0044DC6C
                Strings
                Similarity
                • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                • String ID: %s%s.dll
                • API String ID: 1311856149-1649984862
                • Opcode ID: 1436604fb243e4b49cca6cafcc8f9ca07d6ae960efaf7c1aa41eab7d93ac4b95
                • Instruction ID: f9679f0863d4af9ceb78e9de002daa9d4e1efd3aef7996d693cd6989bc4956e8
                • Opcode Fuzzy Hash: 1436604fb243e4b49cca6cafcc8f9ca07d6ae960efaf7c1aa41eab7d93ac4b95
                • Instruction Fuzzy Hash: 590181B1E001189BEB14EF69DD41AEF7BECAF89704F0404BAA605E7240DA74DE04CB65
                APIs
                • __EH_prolog3.LIBCMT ref: 004561E9
                • OffsetRect.USER32(?,FFFF8300,FFFF8300), ref: 004563B6
                • OffsetRect.USER32(?,00007D00,00007D00), ref: 004563E7
                Similarity
                • API ID: OffsetRect$H_prolog3
                • String ID:
                • API String ID: 3703573103-0
                • Opcode ID: 148d92e9c6f1864bcd86dc454229f4b7f3cb5a7dbf23146c66127e8dc7e7b91c
                • Instruction ID: 984aa12605eb11afe445b2c624af8e9dee6600f709982b871ecb1c22d730f082
                • Opcode Fuzzy Hash: 148d92e9c6f1864bcd86dc454229f4b7f3cb5a7dbf23146c66127e8dc7e7b91c
                • Instruction Fuzzy Hash: AA917A71600205DFCF05EF64C884AAE3BA9BF48305F1546AAFC05DF256DB78D858CB94
                APIs
                • RegOpenKeyExA.KERNEL32(80000001,0049D0A8,00000000,00000001,?), ref: 0044D575
                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 0044D595
                • RegCloseKey.ADVAPI32(?), ref: 0044D5D9
                Similarity
                • API ID: CloseOpenQueryValue
                • String ID:
                • API String ID: 3677997916-0
                • Opcode ID: 4417f4e3ef2b3a53563a08be5055b1ba34d78f16337c1a076acd2e8cee1a9a9c
                • Instruction ID: e50b8b10da38c13adeecf9278ae1b4db401d75c8a9ca84eb24ab8dd9b3842c8b
                • Opcode Fuzzy Hash: 4417f4e3ef2b3a53563a08be5055b1ba34d78f16337c1a076acd2e8cee1a9a9c
                • Instruction Fuzzy Hash: BC212CB1D00208FFEB11CF99D944AAEBBF8FF94708F2041AAE445A6250D7755A40CB65
                APIs
                • FindResourceA.KERNEL32(?,?,00000005), ref: 00441E43
                • LoadResource.KERNEL32(?,00000000,?,?,?,?,00402928,?,?), ref: 00441E4B
                • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,?,00402928,?,?), ref: 00441E62
                Similarity
                • API ID: Resource$FindFreeLoad
                • String ID:
                • API String ID: 934874419-0
                • Opcode ID: c7300f0cf5ec9f522b27c9b49ce469ceca7f1da95176a55e351571f0ab687194
                • Instruction ID: 2c046b40f85067e2cf69d57b216290e743fe60410043c0a13df0af940b58b14a
                • Opcode Fuzzy Hash: c7300f0cf5ec9f522b27c9b49ce469ceca7f1da95176a55e351571f0ab687194
                • Instruction Fuzzy Hash: 07F09072501614BFE7105BAB9C88DABBB9CFF59365F00412AF90CC7220CB399C8187A8
                APIs
                • KiUserCallbackDispatcher.NTDLL(00000030,00000000,00000000,00000000), ref: 0044E69A
                • TranslateMessage.USER32(00000030), ref: 0044E6B9
                • DispatchMessageA.USER32(00000030), ref: 0044E6C0
                Similarity
                • API ID: Message$CallbackDispatchDispatcherTranslateUser
                • String ID:
                • API String ID: 2960505505-0
                • Opcode ID: be608bb0ef86af02fb7d1efdde6493e242f3fd46e6b6c53f18354438c0049d89
                • Instruction ID: 81f8f0f4213ca4ed987f58462c6f68f706527f95bf2989f310f9d45775e18eb2
                • Opcode Fuzzy Hash: be608bb0ef86af02fb7d1efdde6493e242f3fd46e6b6c53f18354438c0049d89
                • Instruction Fuzzy Hash: 97F05E32200500ABA3356B23AD4CC3F36ACBF95B1578649BEF406D6511DB3CDC429A6A
                APIs
                Strings
                Similarity
                • API ID: InitVariant
                • String ID: p=<u
                • API String ID: 1927566239-894760207
                • Opcode ID: e732e5d86d4125cebda5b425e939353ed74759c62842d9919d3464660c7f02f6
                • Instruction ID: 4e9df48c0afb872c1986ab5074ba7dc0de0754082f1a26689967d5e08025aea1
                • Opcode Fuzzy Hash: e732e5d86d4125cebda5b425e939353ed74759c62842d9919d3464660c7f02f6
                • Instruction Fuzzy Hash: 59214C36200208EFDB15CF65C884E9E77F9EF88764B21806AF909CB261DB34DE01DB95
                APIs
                • __EH_prolog3_catch.LIBCMT ref: 0044503C
                  • Part of subcall function 0045254F: __EH_prolog3.LIBCMT ref: 00452556
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Strings
                Similarity
                • API ID: Exception@8H_prolog3H_prolog3_catchThrow
                • String ID: 8VSD
                • API String ID: 1377961577-2630735438
                • Opcode ID: d32c81d620238c526b2180f3e8a9183c95686df64b9896f70fc3884b2f06c685
                • Instruction ID: 1a0d9f7ec60e1466a17c05fb10439c04fab574f33403cd92071826e6d915aa8c
                • Opcode Fuzzy Hash: d32c81d620238c526b2180f3e8a9183c95686df64b9896f70fc3884b2f06c685
                • Instruction Fuzzy Hash: 10218C75A00208DFDF05DFA5C481ADE3BB6AF48314F10806BF905AB242C778AA45DB95
                APIs
                • #17.COMCTL32(34224227), ref: 0041E531
                  • Part of subcall function 0044D9A9: InterlockedExchange.KERNEL32(004A1BD8,?), ref: 0044D9D2
                  • Part of subcall function 0044F013: __strdup.LIBCMT ref: 0044F026
                  • Part of subcall function 0044F013: __strdup.LIBCMT ref: 0044F039
                  • Part of subcall function 0041EE30: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0041EEB2
                  • Part of subcall function 0041EE30: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0041EEC4
                  • Part of subcall function 00441BDB: __EH_prolog3_catch.LIBCMT ref: 00441BE2
                  • Part of subcall function 00441BDB: FindResourceA.KERNEL32(?,?,00000005), ref: 00441C15
                  • Part of subcall function 00441BDB: LoadResource.KERNEL32(?,00000000), ref: 00441C1D
                  • Part of subcall function 00441BDB: LockResource.KERNEL32(?,00000024,004070BD,34224227), ref: 00441C2E
                  • Part of subcall function 0041E620: std::bad_exception::~bad_exception.LIBCMTD ref: 0041E668
                  • Part of subcall function 0041E620: std::bad_exception::~bad_exception.LIBCMTD ref: 0041E67A
                  • Part of subcall function 0041E620: std::bad_exception::~bad_exception.LIBCMTD ref: 0041E68C
                Strings
                • Local AppWizard-Generated Applications, xrefs: 0041E54C
                Similarity
                • API ID: ProcessorVirtual$Resourcestd::bad_exception::~bad_exception$Concurrency::RootRoot::__strdup$ExchangeFindH_prolog3_catchInterlockedLoadLock
                • String ID: Local AppWizard-Generated Applications
                • API String ID: 2474535597-3869840320
                • Opcode ID: 10495cbdefee91d144784c5afba2ffcd32badd8ed5f03e92730107ebe9c311ac
                • Instruction ID: 51c34ded2872ff67161870102a2b075827c32b0e916a6512c420e8baba5fdbbb
                • Opcode Fuzzy Hash: 10495cbdefee91d144784c5afba2ffcd32badd8ed5f03e92730107ebe9c311ac
                • Instruction Fuzzy Hash: 5D116D75E003189BDB24EF15DD52B9DB7B4EB09318F1002AEE41A67792DB382E44CF46
                APIs
                  • Part of subcall function 00448273: GetWindowLongA.USER32(?,000000F0), ref: 0044827E
                • SetRectEmpty.USER32(?), ref: 0044C953
                Strings
                Similarity
                • API ID: EmptyLongRectWindow
                • String ID: msctls_statusbar32
                • API String ID: 2293799620-4095915827
                • Opcode ID: abb8b915f6e19711050c81371644d0db07bd31079b3a71e288cca5a01023e307
                • Instruction ID: aa8b3a36d607084a3f3f205b883f157a145e5d487b9cbad7f0c712f5cc2716a4
                • Opcode Fuzzy Hash: abb8b915f6e19711050c81371644d0db07bd31079b3a71e288cca5a01023e307
                • Instruction Fuzzy Hash: AAF0C87270024967EB10EEADDC06FDF3BE9AB88754F04443ABA59D7180CAB8E9518658
                APIs
                • _malloc.LIBCMT ref: 00441422
                  • Part of subcall function 00467690: __FF_MSGBANNER.LIBCMT ref: 004676B3
                  • Part of subcall function 00467690: __NMSG_WRITE.LIBCMT ref: 004676BA
                  • Part of subcall function 00467690: RtlAllocateHeap.NTDLL(00000000,00000069,?,?,?,x'B"4,00441427,x'B"4,?,?,004028BC,x'B"4,?,0040102C,00000078,34224227), ref: 00467707
                Strings
                Similarity
                • API ID: AllocateHeap_malloc
                • String ID: x'B"4
                • API String ID: 501242067-3346866351
                • Opcode ID: 2fdbb4024e25e8e1c93f3e1bbb68b2fd79f3aee3788e2c1cafa931a39179aa19
                • Instruction ID: 4d05f2cfef3a8bce518e92c19379877cc0256f3a7e6b8964481215bb1cc9efba
                • Opcode Fuzzy Hash: 2fdbb4024e25e8e1c93f3e1bbb68b2fd79f3aee3788e2c1cafa931a39179aa19
                • Instruction Fuzzy Hash: 5DD02B3630412B676B10199ADC00457BB4ACB407F03044033F908D7631DB14CD8143D8
                APIs
                • IsDialogMessageA.USER32(?,`@,?,?,00442F3F,`@,?,004416A0,`@,`@,?,?,?,004060EA,?), ref: 00448268
                Strings
                Similarity
                • API ID: DialogMessage
                • String ID: `@
                • API String ID: 547518314-4145069739
                • Opcode ID: a45b272d9900456a42f65f44cf7c0c083c3d3a96d7bc54cf57a9b8fca3cfe9ba
                • Instruction ID: 4f74f02bc3504ebd49a640d70fa8679f41d26fbec129ac0bc212293888228252
                • Opcode Fuzzy Hash: a45b272d9900456a42f65f44cf7c0c083c3d3a96d7bc54cf57a9b8fca3cfe9ba
                • Instruction Fuzzy Hash: B2E08632100604AFD7115F95C808CCA7BB9FF4D320700816AF54597521CBB5EC50DB94
                APIs
                • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 0042685B
                Strings
                Similarity
                • API ID: MessageSend
                • String ID: 'B"4
                • API String ID: 3850602802-3921257376
                • Opcode ID: 20b29eee0edb3c8d17e3024bb61ad4fd4a615ffe4c375f5e4286d5af38787a06
                • Instruction ID: f81f31a17f999f33ef9297bee5e8b458fd20b750d85255c359fb38485297eebe
                • Opcode Fuzzy Hash: 20b29eee0edb3c8d17e3024bb61ad4fd4a615ffe4c375f5e4286d5af38787a06
                • Instruction Fuzzy Hash: 2AD067B5605109BBC744DF89D855D5AB7ACFB4C310F108299B94887340D671AE549BA4
                APIs
                  • Part of subcall function 00426800: IsIconic.USER32(?), ref: 0042680E
                  • Part of subcall function 004509C9: __EH_prolog3.LIBCMT ref: 004509D0
                  • Part of subcall function 004509C9: BeginPaint.USER32(?,?,00000004,004414D5,?,00000058,0041F50C,34224227), ref: 004509FC
                  • Part of subcall function 004267A0: SendMessageA.USER32(?,?,00000000,00000000), ref: 004267BA
                • GetSystemMetrics.USER32(0000000B), ref: 0041F46A
                • GetSystemMetrics.USER32(0000000C), ref: 0041F478
                  • Part of subcall function 00408D10: GetClientRect.USER32(?,0049C1FC), ref: 00408D22
                  • Part of subcall function 004266E0: DrawIcon.USER32(00000000,?,?,?), ref: 004266FA
                  • Part of subcall function 00450A1D: __EH_prolog3.LIBCMT ref: 00450A24
                  • Part of subcall function 00450A1D: EndPaint.USER32(?,?,00000004,004414FB,?,?,00000058,0041F50C,34224227), ref: 00450A3F
                Similarity
                • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                • String ID:
                • API String ID: 2914073315-0
                • Opcode ID: dd8044cc1e23b09f7c99924cc181b13f83bad4f63159e6047be4c98d5eb64ad2
                • Instruction ID: 2177e60eb50e3d83777f14cc4fa938a2e56b4789382a7af9944a48422048a252
                • Opcode Fuzzy Hash: dd8044cc1e23b09f7c99924cc181b13f83bad4f63159e6047be4c98d5eb64ad2
                • Instruction Fuzzy Hash: EE3129719001199FDB14EF65DD42BEDB7B5BF08304F1042AEA90AA7682DF346E44CF68
                APIs
                Similarity
                • API ID: H_prolog3Initialize
                • String ID:
                • API String ID: 3221705332-0
                • Opcode ID: fc16c681f7c2221ae157b2e8076df7a892d9f3486d1b38b6ae91933461db9546
                • Instruction ID: 3c13e59edafea36e5f201d857e7a81cbee7e9aaee3dbfbdcdc4301775ebdcfc9
                • Opcode Fuzzy Hash: fc16c681f7c2221ae157b2e8076df7a892d9f3486d1b38b6ae91933461db9546
                • Instruction Fuzzy Hash: 71015EB0904781ABDB74FFB2884665F26A07F0431DB104A6FE19797192FB7C99409A1F
                APIs
                  • Part of subcall function 0045254F: __EH_prolog3.LIBCMT ref: 00452556
                • GetCurrentThreadId.KERNEL32 ref: 0044665B
                • SetWindowsHookExA.USER32(00000005,004463D9,00000000,00000000), ref: 0044666B
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Similarity
                • API ID: CurrentException@8H_prolog3HookThreadThrowWindows
                • String ID:
                • API String ID: 1226552664-0
                • Opcode ID: ccb11d1700a4efefd25fcd3d97b8e85fd856274808d2b4c8e1759535115968ae
                • Instruction ID: eebe497f716fd3bff9f601ecc7bca55c45c1769e48eb6242c0e02460fa80b35f
                • Opcode Fuzzy Hash: ccb11d1700a4efefd25fcd3d97b8e85fd856274808d2b4c8e1759535115968ae
                • Instruction Fuzzy Hash: FBF02E31541714A7E3301F979C05B177668DBC2775F13062FFA8585640C674DC448AFE
                APIs
                • DefWindowProcA.USER32(?,?,?,?), ref: 004428CF
                • CallWindowProcA.USER32(?,?,?,?,?), ref: 004428E4
                Similarity
                • API ID: ProcWindow$Call
                • String ID:
                • API String ID: 2316559721-0
                • Opcode ID: a5a010ba33a6b004b710942e49102777f2408aa91270b3fe84876deee8022e30
                • Instruction ID: 75a001b2f803f85922e0f1e0fd4eba8721c57cee49e8204b0a4407f357e8eea6
                • Opcode Fuzzy Hash: a5a010ba33a6b004b710942e49102777f2408aa91270b3fe84876deee8022e30
                • Instruction Fuzzy Hash: 99F01C36100209FFDF115FA5DC08DAA7BB9FF0C354B044969FA59C6520E772D860EB44
                APIs
                • IsWindow.USER32(?), ref: 00448313
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • SetWindowTextA.USER32(?,00403380), ref: 0044833B
                Similarity
                • API ID: Window$Exception@8TextThrow
                • String ID:
                • API String ID: 735465941-0
                • Opcode ID: e76c99fb6c76e617c6aeeb4b59805d3ffc3783c53e17d80d382686b001877c5d
                • Instruction ID: f93f585900b163941ccc82a2603d1afbb1d18409b8febc81779e50499754e2b0
                • Opcode Fuzzy Hash: e76c99fb6c76e617c6aeeb4b59805d3ffc3783c53e17d80d382686b001877c5d
                • Instruction Fuzzy Hash: 0AF0A032100714DBEB305F65D804A9BB7A8FB08765B00457EE88582A20DF72AC40CB84
                APIs
                • GetCurrentThreadId.KERNEL32 ref: 0044E88D
                • SetWindowsHookExA.USER32(000000FF,Function_0004E6E2,00000000,00000000), ref: 0044E89D
                Similarity
                • API ID: CurrentHookThreadWindows
                • String ID:
                APIs
                • GetClientRect.USER32(?,?), ref: 0044BEF6
                  • Part of subcall function 004482FF: IsWindow.USER32(?), ref: 00448313
                  • Part of subcall function 0044BDBA: __EH_prolog3.LIBCMT ref: 0044BDC1
                  • Part of subcall function 0044BDBA: GetModuleFileNameA.KERNEL32(?,00000000,00000104,00000010,0044BFBD,?,00000066), ref: 0044BDF7
                Similarity
                • API ID: ClientFileH_prolog3ModuleNameRectWindow
                • String ID:
                APIs
                • __EH_prolog3_catch.LIBCMT ref: 0045B071
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Similarity
                • API ID: Exception@8H_prolog3_catchThrow
                • String ID:
                APIs
                  • Part of subcall function 00414160: FindResourceA.KERNEL32(00000000,00000000,00000006), ref: 00414177
                • WideCharToMultiByte.KERNEL32(00000000,00000000,-00000002,?,00000001,?,00000000,00000000,?,?,00000000,?,00449466,?,?,00000080), ref: 0044D2C6
                Similarity
                • API ID: ByteCharFindMultiResourceWide
                • String ID:
                APIs
                • __EH_prolog3.LIBCMT ref: 00452556
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Similarity
                • API ID: Exception@8H_prolog3Throw
                • String ID:
                APIs
                  • Part of subcall function 00448273: GetWindowLongA.USER32(?,000000F0), ref: 0044827E
                • GetWindowRect.USER32(?,10000000), ref: 00444FE9
                  • Part of subcall function 00444FA4: GetWindow.USER32(?,0044500A), ref: 00444FAF
                  • Part of subcall function 004483C8: IsWindowEnabled.USER32(?), ref: 004483D1
                Similarity
                • API ID: Window$EnabledLongRect
                • String ID:
                APIs
                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,00000104,34224227,0041E9BE,00000000), ref: 0042744E
                  • Part of subcall function 004274A0: GetFileVersionInfoSizeA.VERSION(?,00000000), ref: 004274F0
                Similarity
                • API ID: File$InfoModuleNameSizeVersion
                • String ID:
                APIs
                • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00443259
                Similarity
                • API ID: CreateWindow
                • String ID:
                APIs
                Similarity
                • API ID: Parent
                • String ID:
                APIs
                • MessageBoxA.USER32(00000453,00000478,?,00000002), ref: 004432F0
                Similarity
                • API ID: Message
                • String ID:
                APIs
                • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0046F6C6
                Similarity
                • API ID: CreateHeap
                • String ID:
                APIs
                • InterlockedExchange.KERNEL32(004A1BD8,?), ref: 0044D9D2
                Similarity
                • API ID: ExchangeInterlocked
                • String ID:
                APIs
                • LockResource.KERNEL32(?,?,?,00441E5F,00000000,?,?,?,?,?,?,00402928,?,?), ref: 00441DDF
                Similarity
                • API ID: LockResource
                • String ID:
                APIs
                Similarity
                • API ID: ShowWindow
                • String ID:
                APIs
                • LoadIconA.USER32(00000000,00000000), ref: 004268A2
                Similarity
                • API ID: IconLoad
                • String ID:
                APIs
                • __CxxThrowException@8.LIBCMT ref: 004494BF
                  • Part of subcall function 004652A1: KiUserExceptionDispatcher.NTDLL(000000AC,00000000,00401046,00000000,000000AC,00000000,00000000,?,00401046,00000000), ref: 004652E3
                Similarity
                • API ID: DispatcherExceptionException@8ThrowUser
                • String ID:
                Strings
                Similarity
                • API ID:
                • String ID: #=$$=$%=$&=$d=$e=$f=$g=$i=$j=$k=$m=$n=$o=$p$p=$q=$s$t=$u=$v$z=$'B"4$330$bad length$invalid
                APIs
                • LoadLibraryA.KERNEL32(SETUPAPI.DLL), ref: 00426D20
                • GetProcAddress.KERNEL32(00000000,SetupDiOpenDevRegKey), ref: 00426D3F
                • GetProcAddress.KERNEL32(00000000,SetupDiClassGuidsFromNameA), ref: 00426D51
                • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsA), ref: 00426D63
                • GetProcAddress.KERNEL32(00000000,SetupDiDestroyDeviceInfoList), ref: 00426D75
                • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInfo), ref: 00426D87
                • FreeLibrary.KERNEL32(00000000), ref: 00426DB2
                Strings
                Similarity
                • API ID: AddressProc$Library$FreeLoad
                • String ID: COM$PortName$Ports$Ports$SETUPAPI.DLL$SetupDiClassGuidsFromNameA$SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsA$SetupDiOpenDevRegKey
                APIs
                • __EH_prolog3.LIBCMT ref: 00460D58
                • GetKeyState.USER32(00000001), ref: 00460D9F
                • GetKeyState.USER32(00000002), ref: 00460DAC
                • GetKeyState.USER32(00000004), ref: 00460DB9
                • GetParent.USER32(?), ref: 00460DDE
                • SendMessageA.USER32(?,00000401,00000000,00000000), ref: 00460E8A
                • _memset.LIBCMT ref: 00460EA1
                • ScreenToClient.USER32(?,?), ref: 00460EBF
                • _memset.LIBCMT ref: 00460ECD
                • GetCursorPos.USER32(?), ref: 00460F13
                • SendMessageA.USER32(?,00000412,00000000,?), ref: 00460F31
                • SendMessageA.USER32(?,00000404,00000000,?), ref: 00460FA0
                • SendMessageA.USER32(?,00000401,00000001,00000000), ref: 00460FC6
                • SendMessageA.USER32(?,00000411,00000001,?), ref: 00460FE5
                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000213), ref: 00460FF8
                • SendMessageA.USER32(?,00000405,00000000,?), ref: 00461022
                • _memset.LIBCMT ref: 00461047
                • SendMessageA.USER32(?,00000401,00000000,00000000), ref: 00461088
                • GetParent.USER32(?), ref: 004610B7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: MessageSend$State_memset$Parent$ClientCursorH_prolog3ScreenWindow
                • String ID: ,
                • API String ID: 2864161637-3772416878
                APIs
                • __EH_prolog3_GS.LIBCMT ref: 004513D5
                • GetFullPathNameA.KERNEL32(00000000,00000104,?,?,00000158,00451674,?,00000000,?,00000000,00000104,00000000), ref: 00451413
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • _DebugHeapAllocator.LIBCPMTD ref: 0045145A
                • PathIsUNCA.SHLWAPI(?,?,?), ref: 00451483
                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004514AA
                • CharUpperA.USER32(?), ref: 004514DD
                • FindFirstFileA.KERNEL32(?,?), ref: 004514F9
                • FindClose.KERNEL32(00000000), ref: 00451505
                • lstrlenA.KERNEL32(?), ref: 00451523
                • _DebugHeapAllocator.LIBCPMTD ref: 00451580
                Strings
                Similarity
                • API ID: AllocatorDebugFindHeapPath$CharCloseException@8FileFirstFullH_prolog3_InformationNameThrowUpperVolumelstrlen
                • String ID: 'B"4
                • API String ID: 511526410-3921257376
                APIs
                Strings
                Similarity
                • API ID: ClientScreenWindow_memset
                • String ID: 0
                • API String ID: 1268500159-4108050209
                APIs
                • GetVersionExA.KERNEL32(00000094), ref: 00426AF0
                • QueryDosDeviceA.KERNEL32(00000000,?,0000FFFF), ref: 00426B1E
                • _strlen.LIBCMT ref: 00426B71
                • SetLastError.KERNEL32(00000078), ref: 00426C06
                Strings
                Similarity
                • API ID: DeviceErrorLastQueryVersion_strlen
                • String ID: COM
                • API String ID: 567198154-4061234284
                APIs
                • IsDebuggerPresent.KERNEL32 ref: 0046A887
                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0046A89C
                • UnhandledExceptionFilter.KERNEL32(0048CD7C), ref: 0046A8A7
                • GetCurrentProcess.KERNEL32(C0000409), ref: 0046A8C3
                • TerminateProcess.KERNEL32(00000000), ref: 0046A8CA
                Similarity
                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                • String ID:
                • API String ID: 2579439406-0
                APIs
                  • Part of subcall function 00448273: GetWindowLongA.USER32(?,000000F0), ref: 0044827E
                • GetKeyState.USER32(00000010), ref: 00444DE1
                • GetKeyState.USER32(00000011), ref: 00444DEA
                • GetKeyState.USER32(00000012), ref: 00444DF3
                • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 00444E09
                Similarity
                • API ID: State$LongMessageSendWindow
                • String ID:
                • API String ID: 1063413437-0
                APIs
                • MonitorFromWindow.USER32(00000002,00000000), ref: 0044207A
                Similarity
                • API ID: FromMonitorWindow
                • String ID:
                • API String ID: 721739931-0
                APIs
                Strings
                Similarity
                • API ID: Iconic
                • String ID: 'B"4
                • API String ID: 110040809-3921257376
                APIs
                • SetUnhandledExceptionFilter.KERNEL32(Function_00071A15), ref: 00471A5C
                Similarity
                • API ID: ExceptionFilterUnhandled
                • String ID:
                • API String ID: 3192549508-0
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$19200$38400$76800$9600$ASCII$Btu$Gallons$Galx100$Galx1000$KBtu$KBtu/hr$KBtu/min$KWh$Liters$MBtu$MWh$RTU$Tons$ft3$ft3/hr$ft3/min$ft3/sec$gph$gpm$l/hr$l/min$l/sec$m3/hr$m3/min$m3/sec
                • API String ID: 1765576173-3136508092
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 0040236D
                • _DebugHeapAllocator.LIBCPMTD ref: 0040237F
                • _DebugHeapAllocator.LIBCPMTD ref: 00402391
                • _DebugHeapAllocator.LIBCPMTD ref: 004023A3
                • _DebugHeapAllocator.LIBCPMTD ref: 004023B5
                • _DebugHeapAllocator.LIBCPMTD ref: 004023C7
                • _DebugHeapAllocator.LIBCPMTD ref: 004023D9
                • _DebugHeapAllocator.LIBCPMTD ref: 004023EB
                • _DebugHeapAllocator.LIBCPMTD ref: 004023FD
                • _DebugHeapAllocator.LIBCPMTD ref: 0040240F
                • _DebugHeapAllocator.LIBCPMTD ref: 00402421
                • _DebugHeapAllocator.LIBCPMTD ref: 00402433
                • _DebugHeapAllocator.LIBCPMTD ref: 00402445
                • _DebugHeapAllocator.LIBCPMTD ref: 00402457
                • _DebugHeapAllocator.LIBCPMTD ref: 00402469
                • _DebugHeapAllocator.LIBCPMTD ref: 0040247B
                • _DebugHeapAllocator.LIBCPMTD ref: 0040248D
                • _DebugHeapAllocator.LIBCPMTD ref: 0040249F
                • _DebugHeapAllocator.LIBCPMTD ref: 004024B1
                • _DebugHeapAllocator.LIBCPMTD ref: 004024C3
                • _DebugHeapAllocator.LIBCPMTD ref: 004024D5
                • _DebugHeapAllocator.LIBCPMTD ref: 004024E7
                • _DebugHeapAllocator.LIBCPMTD ref: 004024F6
                • _DebugHeapAllocator.LIBCPMTD ref: 00402505
                • _DebugHeapAllocator.LIBCPMTD ref: 00402514
                • _DebugHeapAllocator.LIBCPMTD ref: 00402523
                • _DebugHeapAllocator.LIBCPMTD ref: 00402532
                • _DebugHeapAllocator.LIBCPMTD ref: 00402541
                • _DebugHeapAllocator.LIBCPMTD ref: 00402550
                • _DebugHeapAllocator.LIBCPMTD ref: 0040255F
                • _DebugHeapAllocator.LIBCPMTD ref: 0040256B
                Strings
                Similarity
                • API ID: AllocatorDebugHeap
                • String ID: BTU$KBTU$KBTU/Hr$KWH$Kg/m3$MBTU$MWH$TonsRefr$cfpm$cfps$cft$cmph$cmpm$cmps$degrees C$degrees F$gal$gpm$lit$lph$lpm$lps
                • API String ID: 571936431-2538614666
                APIs
                • _memset.LIBCMT ref: 0042B7BA
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B80D
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B826
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B835
                  • Part of subcall function 0042BEE0: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 0042BF5F
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B896
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B8AF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B8BE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042B8F6
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BA1E
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BA37
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BA46
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BAA7
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BAC0
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BACF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BB30
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BB49
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BB58
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BBB9
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BBD2
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BBE1
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BC42
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BC5B
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BC6A
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BCCB
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BCE4
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BCF3
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BD2B
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BD63
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BD9B
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BDD3
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BE0B
                • _DebugHeapAllocator.LIBCPMTD ref: 0042BE43
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: #=%0.4d$$=%0.4d$%%=%0.4d$&=%0.4d$A$d=%0.6f$e=%0.6f$g=%0.6f$j=%0.6f$k=%0.6f$m=%0.6f$n=%0.6f$o=%0.6f$p=%0.4d$q=%0.4d$s=0000$s=0001$s=0002$s=0003$u=%0.4d
                • API String ID: 301905206-423542660
                APIs
                • _memset.LIBCMT ref: 0042E6A1
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E6E8
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E701
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E710
                  • Part of subcall function 00430440: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 004304BF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E76E
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E787
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E796
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E7F7
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E810
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E81F
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E85A
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E869
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E8F6
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E930
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E968
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E977
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E9AF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E9BE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042E9F6
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EA05
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EA40
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EA4F
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EBEE
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: E=%0.0f$F=%0.0f$H=%0.6E$I=%0.6E$M=0$M=1$M=2$P=0$P=1$R=%d$R=0$T1<T2$T2<T1$T=0$T=1$Y=%0.6E$Z=%0.6E$energy$k=%0.6f$o=%0.6f$s$s=0$s=1$u=%0.3f$w=%0.0f
                APIs
                • _memset.LIBCMT ref: 0042ECA1
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 0042ECE8
                • _DebugHeapAllocator.LIBCPMTD ref: 0042ED01
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042ED10
                  • Part of subcall function 00430440: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 004304BF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042ED6E
                • _DebugHeapAllocator.LIBCPMTD ref: 0042ED87
                • _DebugHeapAllocator.LIBCPMTD ref: 0042ED96
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EDF7
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EE10
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EE1F
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EE5A
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EE69
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EEF6
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EF30
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EF68
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EF77
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EFAF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EFBE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042EFF6
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                • _DebugHeapAllocator.LIBCPMTD ref: 0042F005
                • _DebugHeapAllocator.LIBCPMTD ref: 0042F040
                • _DebugHeapAllocator.LIBCPMTD ref: 0042F04F
                • _DebugHeapAllocator.LIBCPMTD ref: 0042F1CD
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: E=%0.0f$F=%0.0f$H=%0.6E$I=%0.6E$M=0$M=1$M=2$P=0$P=1$R=%d$R=0$T1<T2$T2<T1$T=0$T=1$Y=%0.6E$Z=%0.6E$energy$k=%0.6f$o=%0.6f$s$s=0$s=1$u=%0.3f$w=%0.0f
                APIs
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                  • Part of subcall function 00436CC0: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 00436D4A
                  • Part of subcall function 00436CC0: Sleep.KERNEL32(00000064), ref: 00436D54
                • Sleep.KERNEL32(000001F4,00487F24,?,34224227), ref: 0043671A
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 0043675F
                • _DebugHeapAllocator.LIBCPMTD ref: 00436778
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 00436787
                • _DebugHeapAllocator.LIBCPMTD ref: 004367DC
                • _DebugHeapAllocator.LIBCPMTD ref: 004367F5
                • _DebugHeapAllocator.LIBCPMTD ref: 00436804
                • _DebugHeapAllocator.LIBCPMTD ref: 00436862
                • _DebugHeapAllocator.LIBCPMTD ref: 0043687B
                • _DebugHeapAllocator.LIBCPMTD ref: 0043688A
                • _DebugHeapAllocator.LIBCPMTD ref: 004368E8
                • _DebugHeapAllocator.LIBCPMTD ref: 00436901
                • _DebugHeapAllocator.LIBCPMTD ref: 00436910
                • _DebugHeapAllocator.LIBCPMTD ref: 00436943
                • _DebugHeapAllocator.LIBCPMTD ref: 00436952
                • _DebugHeapAllocator.LIBCPMTD ref: 004369E6
                • _DebugHeapAllocator.LIBCPMTD ref: 004369FF
                • _DebugHeapAllocator.LIBCPMTD ref: 00436A0E
                • _DebugHeapAllocator.LIBCPMTD ref: 00436A6C
                • _DebugHeapAllocator.LIBCPMTD ref: 00436A85
                • _DebugHeapAllocator.LIBCPMTD ref: 00436A94
                • _DebugHeapAllocator.LIBCPMTD ref: 00436AD0
                • _DebugHeapAllocator.LIBCPMTD ref: 00436B2E
                • _DebugHeapAllocator.LIBCPMTD ref: 00436B47
                • _DebugHeapAllocator.LIBCPMTD ref: 00436B56
                • _DebugHeapAllocator.LIBCPMTD ref: 00436BB7
                • _DebugHeapAllocator.LIBCPMTD ref: 00436BD0
                • _DebugHeapAllocator.LIBCPMTD ref: 00436BDF
                • _DebugHeapAllocator.LIBCPMTD ref: 00436C2F
                • Sleep.KERNEL32(0000012C,00000000,?,00000000,?,00487F60,?,0041854E,0000000A), ref: 00436C47
                • _DebugHeapAllocator.LIBCPMTD ref: 00436C72
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep
                • String ID: 'B"4$+a=%s$+b=%s$d=%0.4d$g=%0.6f$h=%0.6f$k=%0.6f$l=%0.6f$m=%0.6f$o=%0.6f$p=%0.4d$w=%0.6f$x=%0.6f
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$acre-ft/100$acre-ft/1000$cubic ft.$ft3 x100$ft3/min$ft3/sec$ft3x1000$gal x100$gal x1000$gallons$gpm$l/min$l/sec$lit x100$lit x1000$liters$m3 x100$m3 x1000$m3/min$m3/sec
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$ft3$ft3$ft3/min$ft3/sec$gal$gal$gph$gpm$km/h$l/min$l/sec$m3/min$m3/sec$miles$mph$x100 lit$x100 lit
                APIs
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872019-Model-310.pdf,00000000,00000000,00000001), ref: 004213FA
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872024-Model-320.pdf,00000000,00000000,00000001), ref: 0042141A
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872039-Series-330-IOM.pdf,00000000,00000000,00000001), ref: 0042143A
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872032-340-Manual-IOM.pdf,00000000,00000000,00000001), ref: 00421475
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872121-Series-4000-Flow-Sensors-IOM.pdf,00000000,00000000,00000001), ref: 00421506
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872034-SDI.pdf,00000000,00000000,00000001), ref: 00421523
                • ShellExecuteA.SHELL32(00000000,open,Manuals\872042-SDI-Series-Battery-Powered-Insert-IOM.pdf,00000000,00000000,00000001), ref: 00421540
                • ShellExecuteA.SHELL32(00000000,open,Manuals\880024-228PV-Wireless-Flow-Sensor.pdf,00000000,00000000,00000001), ref: 0042155D
                Strings
                Similarity
                • API ID: ExecuteShell
                • String ID: $Error$Manuals\820035-340-Modbus.pdf$Manuals\872019-Model-310.pdf$Manuals\872024-Model-320.pdf$Manuals\872032-340-Manual-IOM.pdf$Manuals\872033-340N2-Manual.pdf$Manuals\872034-SDI.pdf$Manuals\872038-340LW-Manual.pdf$Manuals\872039-Series-330-IOM.pdf$Manuals\872042-SDI-Series-Battery-Powered-Insert-IOM.pdf$Manuals\872121-Series-4000-Flow-Sensors-IOM.pdf$Manuals\880024-228PV-Wireless-Flow-Sensor.pdf$Manuals\941700-0012-307340BN.pdf$open$open$open$open$open$open$open$open$open$open$open$open
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$acre-ft/10$acre-ft/100$acre-ft/1000$ft3$ft3/hr$ft3/min$ft3/sec$gallons$gph$gpm$l/hr$l/min$l/sec$liters$m3/hr$m3/min$m3/sec
                APIs
                • _memset.LIBCMT ref: 00429AB1
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 00429AF8
                • _DebugHeapAllocator.LIBCPMTD ref: 00429B11
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 00429B20
                  • Part of subcall function 00429E30: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 00429EAF
                • _DebugHeapAllocator.LIBCPMTD ref: 00429B6F
                • _DebugHeapAllocator.LIBCPMTD ref: 00429B88
                • _DebugHeapAllocator.LIBCPMTD ref: 00429B97
                • _DebugHeapAllocator.LIBCPMTD ref: 00429C58
                • _DebugHeapAllocator.LIBCPMTD ref: 00429CB6
                • _DebugHeapAllocator.LIBCPMTD ref: 00429CCF
                • _DebugHeapAllocator.LIBCPMTD ref: 00429CDE
                • _DebugHeapAllocator.LIBCPMTD ref: 00429D3C
                • _DebugHeapAllocator.LIBCPMTD ref: 00429D55
                • _DebugHeapAllocator.LIBCPMTD ref: 00429D64
                • _DebugHeapAllocator.LIBCPMTD ref: 00429DC2
                • _DebugHeapAllocator.LIBCPMTD ref: 00429DDB
                • _DebugHeapAllocator.LIBCPMTD ref: 00429DEA
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: 'B"4$h=%0.6f$k=%0.6f$l=%0.6f$n=%0.6f$o=%0.6f$s$s=0000$s=0001$s=0002$s=0003$u=%0.4d
                APIs
                • _memset.LIBCMT ref: 0042A711
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A73B
                  • Part of subcall function 0042AA30: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 0042AAAF
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A78A
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A7A3
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A7B2
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A801
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A81A
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A829
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A878
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A891
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A8A0
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A8EF
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A908
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A917
                • _DebugHeapAllocator.LIBCPMTD ref: 0042A9F3
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: 'B"4$d=%0.4x$k=%0.6f$o=%0.6f$s$s=0000$s=0001$s=0002$s=0003$u=%0.4d$w=%0.6f$x=%0.6f
                APIs
                • _memset.LIBCMT ref: 00434371
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 004343B8
                • _DebugHeapAllocator.LIBCPMTD ref: 004343D1
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 004343E0
                  • Part of subcall function 00434680: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 004346FF
                • _DebugHeapAllocator.LIBCPMTD ref: 0043442F
                • _DebugHeapAllocator.LIBCPMTD ref: 00434448
                • _DebugHeapAllocator.LIBCPMTD ref: 00434457
                • _DebugHeapAllocator.LIBCPMTD ref: 004344A6
                • _DebugHeapAllocator.LIBCPMTD ref: 004344BF
                • _DebugHeapAllocator.LIBCPMTD ref: 004344CE
                • _DebugHeapAllocator.LIBCPMTD ref: 0043451D
                • _DebugHeapAllocator.LIBCPMTD ref: 00434536
                • _DebugHeapAllocator.LIBCPMTD ref: 00434545
                • _DebugHeapAllocator.LIBCPMTD ref: 00434594
                • _DebugHeapAllocator.LIBCPMTD ref: 004345AD
                • _DebugHeapAllocator.LIBCPMTD ref: 004345BC
                • _DebugHeapAllocator.LIBCPMTD ref: 0043461A
                • _DebugHeapAllocator.LIBCPMTD ref: 00434633
                • _DebugHeapAllocator.LIBCPMTD ref: 00434642
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: 'B"4$h=%0.6f$k=%0.6f$l=%0.6f$m=%0.6f$n=%0.6f$o=%0.6f
                APIs
                • _memset.LIBCMT ref: 00437BCE
                • _DebugHeapAllocator.LIBCPMTD ref: 00437BF8
                  • Part of subcall function 00437E80: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 00437EFF
                  • Part of subcall function 00437E80: Sleep.KERNEL32(00000898), ref: 00437F0C
                • _DebugHeapAllocator.LIBCPMTD ref: 00437C2A
                • _DebugHeapAllocator.LIBCPMTD ref: 00437C5C
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 00437CAB
                • _DebugHeapAllocator.LIBCPMTD ref: 00437CC4
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 00437CD3
                • Sleep.KERNEL32(000003E8,00000000,?,004881E0,?,akA,0000000B,?,?,?,?,?,?,?,00000000), ref: 00437CE8
                • _DebugHeapAllocator.LIBCPMTD ref: 00437D2D
                • _DebugHeapAllocator.LIBCPMTD ref: 00437D46
                • _DebugHeapAllocator.LIBCPMTD ref: 00437D55
                • Sleep.KERNEL32(000003E8,00000000,?,004881F0,?,000000FF,0000000B), ref: 00437D6A
                • _DebugHeapAllocator.LIBCPMTD ref: 00437DBC
                • _DebugHeapAllocator.LIBCPMTD ref: 00437DD5
                • _DebugHeapAllocator.LIBCPMTD ref: 00437DE4
                • _DebugHeapAllocator.LIBCPMTD ref: 00437E3E
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep$_memset
                • String ID: $d=%d$$g=%x$$k=%0.6f$$m=%d$$o=%0.6f$$w=%d$$x=%0.6f$'B"4$'B"4$akA
                APIs
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                  • Part of subcall function 00402960: SendMessageA.USER32(?,00000184,00000000,00000000), ref: 00402977
                • _memset.LIBCMT ref: 004012CB
                • _memset.LIBCMT ref: 00401312
                • _strncpy.LIBCMT ref: 0040132F
                  • Part of subcall function 00402930: SendMessageA.USER32(?,00000180,00000000,004013A8), ref: 00402949
                Strings
                Similarity
                • API ID: MessageSend_memset$EnableItemWindow_strncpy
                • String ID: %s = %f $%s = %f $'B"4$Comm Port Closed$Error Reading - Readback Halted!$Error Reading - Readback Halted!$Error Reading - Readback Halted!
                APIs
                  • Part of subcall function 0043A600: SelectObject.GDI32(00000000,?), ref: 0043A6E6
                  • Part of subcall function 0043A600: DeleteDC.GDI32(00000000), ref: 0043A6F6
                  • Part of subcall function 0043A600: DeleteObject.GDI32(?), ref: 0043A706
                  • Part of subcall function 0043A600: SelectObject.GDI32(00000000,?), ref: 0043A746
                  • Part of subcall function 0043A600: DeleteDC.GDI32(00000000), ref: 0043A756
                • GlobalLock.KERNEL32(?), ref: 0043A1AC
                • _memcmp.LIBCMT ref: 0043A1FA
                • _memcmp.LIBCMT ref: 0043A21E
                • _memcmp.LIBCMT ref: 0043A23E
                • GlobalUnlock.KERNEL32(?), ref: 0043A25F
                • CreateStreamOnHGlobal.OLE32(?,00000000,00000000), ref: 0043A26F
                Strings
                Similarity
                • API ID: DeleteGlobalObject_memcmp$Select$CreateLockStreamUnlock
                • String ID: 87a$89a$GIF
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$'B"4$ft3/hr$ft3/min$ft3/sec$gph$gpm$l/hr$l/min$l/sec$m3/hr$m3/min$m3/sec
                • API String ID: 1765576173-4003768129
                APIs
                • RegisterClipboardFormatA.USER32(Native), ref: 00460433
                • RegisterClipboardFormatA.USER32(OwnerLink), ref: 0046043C
                • RegisterClipboardFormatA.USER32(ObjectLink), ref: 00460446
                • RegisterClipboardFormatA.USER32(Embedded Object), ref: 00460450
                • RegisterClipboardFormatA.USER32(Embed Source), ref: 0046045A
                • RegisterClipboardFormatA.USER32(Link Source), ref: 00460464
                • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 0046046E
                • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 00460478
                • RegisterClipboardFormatA.USER32(FileName), ref: 00460482
                • RegisterClipboardFormatA.USER32(FileNameW), ref: 0046048C
                • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 00460496
                • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 004604A0
                Strings
                Similarity
                • API ID: ClipboardFormatRegister
                • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                • API String ID: 1228543026-2889995556
                APIs
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C163
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C177
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C18B
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C19F
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1B3
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1C7
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1DB
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1EF
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C203
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C217
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C22E
                  • Part of subcall function 0044CD90: __EH_prolog3_catch.LIBCMT ref: 0044CD97
                  • Part of subcall function 0044CD90: _DebugHeapAllocator.LIBCPMTD ref: 0044CDDD
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 00404180: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404197
                  • Part of subcall function 00448215: IsDlgButtonChecked.USER32(?,0000040C), ref: 00448226
                • _DebugHeapAllocator.LIBCPMTD ref: 0040E4BB
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 0040E4E7
                • _DebugHeapAllocator.LIBCPMTD ref: 0040E529
                • _DebugHeapAllocator.LIBCPMTD ref: 0040E541
                  • Part of subcall function 00433240: _DebugHeapAllocator.LIBCPMTD ref: 0043327F
                  • Part of subcall function 00433240: _DebugHeapAllocator.LIBCPMTD ref: 0043328E
                Strings
                • Totalizer Units Have Been Changed. If You Keep This Setting, Totals Will Be Reset. Do You Want To Continue?, xrefs: 0040E30E
                • Flow Filter Coeff was out of range and set to the default value of 5.Valid range is 1.0 to 10.0, xrefs: 0040E7CD
                • Unable To Communicate, Check Power & Cable, xrefs: 0040E92C
                • T1<T2, xrefs: 0040E4EE
                • Energy Filter Coeff was out of range and set to the default value of 1.Valid range is 1.0 to 10.0, xrefs: 0040E81D
                • T2<T1, xrefs: 0040E4D6
                • Totalizer Units Changed, xrefs: 0040E309
                • 'B"4, xrefs: 0040E2ED
                • Load Complete, xrefs: 0040E99F
                • Error, xrefs: 0040E927
                • Alert, xrefs: 0040E232
                • You have selected an energy unit that is incompatible with the 340LW.Please change the energy unit drop box to a unit other than MWh or MBTU., xrefs: 0040E237
                • Parameter Check, xrefs: 0040E1CC
                • Parameters have been loaded. Press OK to check that values are as expected, then press EXIT to return to the main screen., xrefs: 0040E9A4
                • Sending Parameters, xrefs: 0040E34F
                • absolute, xrefs: 0040E4AA
                • energy, xrefs: 0040E518
                • flow, xrefs: 0040E530
                Similarity
                • API ID: _strcat$AllocatorDebugHeap$ButtonCheckedH_prolog3_catchItemMessageSend
                • String ID: 'B"4$Alert$Energy Filter Coeff was out of range and set to the default value of 1.Valid range is 1.0 to 10.0$Error$Flow Filter Coeff was out of range and set to the default value of 5.Valid range is 1.0 to 10.0$Load Complete$Parameter Check$Parameters have been loaded. Press OK to check that values are as expected, then press EXIT to return to the main screen.$Sending Parameters$T1<T2$T2<T1$Totalizer Units Changed$Totalizer Units Have Been Changed. If You Keep This Setting, Totals Will Be Reset. Do You Want To Continue?$Unable To Communicate, Check Power & Cable$You have selected an energy unit that is incompatible with the 340LW.Please change the energy unit drop box to a unit other than MWh or MBTU.$absolute$energy$flow
                • API String ID: 3691783554-1590637342
                APIs
                  • Part of subcall function 00440990: Sleep.KERNEL32(0000000A,00000003,?,00438471,34224227), ref: 00440999
                  • Part of subcall function 00440990: SetCommState.KERNEL32('B"4,'B"4,?,00438471,34224227), ref: 004409BB
                  • Part of subcall function 00440990: Sleep.KERNEL32(0000000A,?,00438471,34224227), ref: 004409C3
                  • Part of subcall function 00440990: SetCommState.KERNEL32('B"4,'B"4,?,00438471,34224227), ref: 004409E8
                • _memset.LIBCMT ref: 00438A68
                • _DebugHeapAllocator.LIBCPMTD ref: 00438A9E
                • _DebugHeapAllocator.LIBCPMTD ref: 00438B0E
                • _DebugHeapAllocator.LIBCPMTD ref: 00438B27
                • _DebugHeapAllocator.LIBCPMTD ref: 00438B36
                • _DebugHeapAllocator.LIBCPMTD ref: 00438BA6
                • _DebugHeapAllocator.LIBCPMTD ref: 00438BBF
                • _DebugHeapAllocator.LIBCPMTD ref: 00438BCE
                • _DebugHeapAllocator.LIBCPMTD ref: 00438C3B
                • _DebugHeapAllocator.LIBCPMTD ref: 00438C54
                • _DebugHeapAllocator.LIBCPMTD ref: 00438C63
                • _DebugHeapAllocator.LIBCPMTD ref: 00438CD3
                • _DebugHeapAllocator.LIBCPMTD ref: 00438CEC
                • _DebugHeapAllocator.LIBCPMTD ref: 00438CFB
                • _DebugHeapAllocator.LIBCPMTD ref: 00438D4A
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$CommSleepState$_memset
                • String ID: 'B"4$@$D=%0.5d$K=%0.6f$O=%0.6f$U=%0.5d$W=%0.6f$X=%0.6f
                • API String ID: 428370648-3344161234
                APIs
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 00438003
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 00438017
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 0043802B
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 0043803F
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 00438053
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 00438067
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 0043807B
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 0043808F
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 004380A3
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 004380B7
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 004380CE
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 004380E5
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 004380FB
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 00438112
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 00438129
                  • Part of subcall function 00437FF0: _strcat.LIBCMT ref: 0043813F
                • SafeRWList.LIBCMTD ref: 0041A77B
                  • Part of subcall function 0044CD90: __EH_prolog3_catch.LIBCMT ref: 0044CD97
                  • Part of subcall function 0044CD90: _DebugHeapAllocator.LIBCPMTD ref: 0044CDDD
                  • Part of subcall function 004473B4: GetDlgItem.USER32(?,?), ref: 004473D8
                  • Part of subcall function 004473B4: GetWindowTextLengthA.USER32(00000000), ref: 004473E5
                  • Part of subcall function 004473B4: GetWindowTextA.USER32(00000000,00000000,00000000), ref: 004473F9
                  • Part of subcall function 00464572: __atof_l.LIBCMT ref: 0046457C
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 00404180: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404197
                • SafeRWList.LIBCMTD ref: 0041AE09
                Strings
                • We recommend using Pulse Output values between 1 and 10,000.Press OK to continue with this value,or press Cancel to abort., xrefs: 0041AC64
                • Warning, xrefs: 0041A935
                • Parameter Check, xrefs: 0041A786
                • Error Communicating to Module, The Port Is Not Open, xrefs: 0041AE9B
                • Warning, xrefs: 0041A8FD
                • Comm Error, xrefs: 0041AEAF
                • Idle, xrefs: 0041ACEF
                • Sending Parameters, xrefs: 0041A9AA
                • Comm Error, xrefs: 0041AE96
                • Idle, xrefs: 0041AF32
                • Alert, xrefs: 0041AC5F
                • Error Communicating to Module, Not All Parameters Were Received, xrefs: 0041AEB4
                • Idle, xrefs: 0041A95B
                • This tee size has a minimum rate of 1 Gallon/PulseDo you want to continue anyway?, xrefs: 0041A8CA
                • This tee size has a minimum rate of 100 Gallons/PulseDo you want to continue anyway?, xrefs: 0041A93A
                • Warning, xrefs: 0041A8C5
                • This tee size has a minimum rate of 10 Gallons/PulseDo you want to continue anyway?, xrefs: 0041A902
                • Retrieving Parameters, xrefs: 0041AE38
                Similarity
                • API ID: _strcat$ItemListSafeTextWindow$AllocatorDebugH_prolog3_catchHeapLengthMessageSend__atof_l
                • String ID: Alert$Comm Error$Comm Error$Error Communicating to Module, Not All Parameters Were Received$Error Communicating to Module, The Port Is Not Open$Idle$Idle$Idle$Parameter Check$Retrieving Parameters$Sending Parameters$This tee size has a minimum rate of 1 Gallon/PulseDo you want to continue anyway?$This tee size has a minimum rate of 10 Gallons/PulseDo you want to continue anyway?$This tee size has a minimum rate of 100 Gallons/PulseDo you want to continue anyway?$Warning$Warning$Warning$We recommend using Pulse Output values between 1 and 10,000.Press OK to continue with this value,or press Cancel to abort.
                • API String ID: 1953449734-2871202920
                APIs
                Strings
                Similarity
                • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                • String ID: P?<up=<u
                • API String ID: 4128688680-951417710
                APIs
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C163
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C177
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C18B
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C19F
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1B3
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1C7
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1DB
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C1EF
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C203
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C217
                  • Part of subcall function 0042C150: _strcat.LIBCMT ref: 0042C22E
                • _DebugHeapAllocator.LIBCPMTD ref: 0041369D
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 004136AA
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 004136B7
                • _DebugHeapAllocator.LIBCPMTD ref: 004136C4
                  • Part of subcall function 0044CD90: __EH_prolog3_catch.LIBCMT ref: 0044CD97
                  • Part of subcall function 0044CD90: _DebugHeapAllocator.LIBCPMTD ref: 0044CDDD
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                  • Part of subcall function 004049D0: SendMessageA.USER32(?,00000401,00000000,?), ref: 00404A04
                  • Part of subcall function 00413F60: SendMessageA.USER32(?,00000404,00000487,00000000), ref: 00413F79
                  • Part of subcall function 0042FF60: _DebugHeapAllocator.LIBCPMTD ref: 0042FFB0
                  • Part of subcall function 0042FF60: _DebugHeapAllocator.LIBCPMTD ref: 0042FFC2
                Strings
                • Comm Error, xrefs: 00413A1F
                • %0.4f, xrefs: 004139CE
                • Error Communicating to Module, Check Serial and Power Cables, xrefs: 00413858
                • Calculating Temperature Corrections, xrefs: 004136F9
                • at the same temperature to zero them., xrefs: 004136A2
                • Error Communicating to Module, Check Serial and Power Cables, xrefs: 00413A24
                • %0.4f, xrefs: 00413992
                • %0.4f, xrefs: 00413AE6
                • Zero Temperature Sensors, xrefs: 004136CB
                • The two temperature probes must be held, xrefs: 00413695
                • Comm Error, xrefs: 00413853
                • This is considered an advanced function., xrefs: 004136AF
                • %0.4f, xrefs: 00413AB3
                • Do you want to continue?, xrefs: 004136BC
                • Idle, xrefs: 00413B80
                Similarity
                • API ID: _strcat$AllocatorDebugHeap$MessageSend$EnableH_prolog3_catchItemWindow
                • String ID: %0.4f$%0.4f$%0.4f$%0.4f$Calculating Temperature Corrections$Comm Error$Comm Error$Do you want to continue?$Error Communicating to Module, Check Serial and Power Cables$Error Communicating to Module, Check Serial and Power Cables$Idle$The two temperature probes must be held$This is considered an advanced function.$Zero Temperature Sensors$at the same temperature to zero them.
                • API String ID: 2966182123-2742204104
                APIs
                • SafeRWList.LIBCMTD ref: 00421D07
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB03
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB17
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB2B
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB3F
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB53
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB67
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB7B
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB8F
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABA3
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABB7
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABCE
                  • Part of subcall function 0044C6AB: __EH_prolog3.LIBCMT ref: 0044C6B2
                  • Part of subcall function 004260D0: SysFreeString.OLEAUT32(?), ref: 004260DD
                Strings
                Similarity
                • API ID: _strcat$FreeH_prolog3ListSafeString
                • String ID: %0.2f$<b>High Alarm Activated</b>$<b>Low Alarm Activated</b>$Comm Error$Comm Error$Comm Error$Communication Error, Check Cables & Try Again$Communication Error, Check Cables & Try Again$Communication Error, Check Cables & Try Again$FlowRate$FlowRateUnits$HighAlarmText$HighAlarmText$LowAlarmText$LowAlarmText$Ver$verlbtext$vertext
                • API String ID: 3599479111-3941353000
                Strings
                Similarity
                • API ID:
                • String ID: d=$f=$i=$k=$n=$o=$p$s$t=$u=$v$w=$x=$y=$z=$320$invalid
                • API String ID: 0-3966733159
                Strings
                Similarity
                • API ID:
                • String ID: 4n20=$f=$h=$i=$k=$l=$n=$o=$p$s$t=$u=$v$z=$310$invalid
                • API String ID: 0-1911830530
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$ft3/min$ft3/sec$gph$gpm$l/min$l/sec$m3/min$m3/sec
                • API String ID: 1765576173-44107844
                APIs
                Strings
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$ft3/min$ft3/sec$gph$gpm$l/min$l/sec$m3/min$m3/sec
                • API String ID: 1765576173-44107844
                Strings
                Similarity
                • API ID:
                • String ID: 20ma=$4ma=$f=$h=$i=$k=$l=$m=$n=$o=$t=$v$z=$invalid$model 4000
                • API String ID: 0-2405240398
                APIs
                • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,75C04A40,00442070,?,?,?,?,?,?,?,004442BD,00000000,00000002,00000028), ref: 00441F46
                • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00441F62
                • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00441F73
                • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00441F84
                • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00441F95
                • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00441FA6
                • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00441FB7
                • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00441FC8
                Strings
                Similarity
                • API ID: AddressProc$HandleModule
                • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                • API String ID: 667068680-68207542
                APIs
                  • Part of subcall function 00413F90: SendMessageA.USER32(?,00000405,00000000,00000000), ref: 00413FA7
                  • Part of subcall function 00429EF0: _DebugHeapAllocator.LIBCPMTD ref: 00429F27
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FCA9
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FCC5
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FCD7
                  • Part of subcall function 00430500: Sleep.KERNEL32(0000000A,?,00000001,00000000), ref: 0043057F
                  • Part of subcall function 00430500: Sleep.KERNEL32(00000032), ref: 00430589
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FD3E
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FD5A
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FD6C
                • Sleep.KERNEL32(000003E8,?,?,0048783C,?,?,0000000A), ref: 0042FD87
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FD95
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FDA7
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep$MessageSend
                • String ID: $1=%0.4f$2=%0.4f$T1=$T2=$invalid
                • API String ID: 2683350115-650562186
                APIs
                  • Part of subcall function 00413F90: SendMessageA.USER32(?,00000405,00000000,00000000), ref: 00413FA7
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FFB0
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 0042FFC2
                  • Part of subcall function 00430500: Sleep.KERNEL32(0000000A,?,00000001,00000000), ref: 0043057F
                  • Part of subcall function 00430500: Sleep.KERNEL32(00000032), ref: 00430589
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep$MessageSend
                • String ID: $T1=$T2=$invalid$invalid$invalid
                • API String ID: 2683350115-362389388
                APIs
                • _memset.LIBCMT ref: 004353DA
                • _DebugHeapAllocator.LIBCPMTD ref: 00435585
                • _DebugHeapAllocator.LIBCPMTD ref: 00435410
                  • Part of subcall function 00435610: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 0043568F
                • _DebugHeapAllocator.LIBCPMTD ref: 0043546B
                • _DebugHeapAllocator.LIBCPMTD ref: 004354C6
                • _DebugHeapAllocator.LIBCPMTD ref: 00435521
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: c=%0.8X$k=%0.8X$l=0$l=1$o=%0.8X$s=%0.8X
                • API String ID: 301905206-1886488304
                APIs
                • _memset.LIBCMT ref: 00434D1A
                • _DebugHeapAllocator.LIBCPMTD ref: 00434EB3
                • _DebugHeapAllocator.LIBCPMTD ref: 00434D50
                  • Part of subcall function 00435610: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 0043568F
                • _DebugHeapAllocator.LIBCPMTD ref: 00434DAB
                • _DebugHeapAllocator.LIBCPMTD ref: 00434DFA
                • _DebugHeapAllocator.LIBCPMTD ref: 00434E4F
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep_memset
                • String ID: l=0$l=1$s=%0.8X$u=%0.2X$w=%0.4X$x=%0.8X
                • API String ID: 301905206-3991999562
                APIs
                • SafeRWList.LIBCMTD ref: 004243DB
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437083
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437097
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004370AB
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004370BF
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004370D3
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004370E7
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004370FB
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 0043710F
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437123
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437139
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437150
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437167
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 0043717D
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 00437194
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004371AB
                  • Part of subcall function 00437070: _strcat.LIBCMT ref: 004371C1
                Strings
                Similarity
                • API ID: _strcat$ListSafe
                • String ID: %0.2f$Comm Error$Communication Error, Check Cables & Try Again$FlowRate$FlowRateUnits$FlowTotal$FlowTotalUnits$Ver$_$verlbtext$vertext
                • API String ID: 88153947-4243142777
                APIs
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                  • Part of subcall function 00403CD0: _DebugHeapAllocator.LIBCPMTD ref: 00403D07
                  • Part of subcall function 00413C10: _DebugHeapAllocator.LIBCPMTD ref: 00413C3D
                  • Part of subcall function 00413C10: _DebugHeapAllocator.LIBCPMTD ref: 00413C6E
                  • Part of subcall function 00413C10: _DebugHeapAllocator.LIBCPMTD ref: 00413C84
                  • Part of subcall function 00413C10: _DebugHeapAllocator.LIBCPMTD ref: 00413D1E
                • _DebugHeapAllocator.LIBCPMTD ref: 0041359D
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 004135AA
                  • Part of subcall function 00413EC0: _DebugHeapAllocator.LIBCPMTD ref: 00413ECE
                • _DebugHeapAllocator.LIBCPMTD ref: 004135B7
                • _DebugHeapAllocator.LIBCPMTD ref: 004135C4
                • _DebugHeapAllocator.LIBCPMTD ref: 004135D1
                  • Part of subcall function 00441BDB: __EH_prolog3_catch.LIBCMT ref: 00441BE2
                  • Part of subcall function 00441BDB: FindResourceA.KERNEL32(?,?,00000005), ref: 00441C15
                  • Part of subcall function 00441BDB: LoadResource.KERNEL32(?,00000000), ref: 00441C1D
                  • Part of subcall function 00441BDB: LockResource.KERNEL32(?,00000024,004070BD,34224227), ref: 00441C2E
                Strings
                • 4. The RS-485 port of the device must be connected to the PC using the A302-20 cable., xrefs: 004135C9
                • 'B"4, xrefs: 0041352E, 00413567, 0041357E
                • To run the RS-485 test:, xrefs: 00413595
                • 3. Address must be set to 1., xrefs: 004135BC
                • 341 RS-485 Test, xrefs: 0041354C
                • 2. Bit rate must be set to 9600., xrefs: 004135AF
                • 1. The device must be in Modbus mode., xrefs: 004135A2
                Similarity
                • API ID: AllocatorDebugHeap$Resource$FindH_prolog3_catchLoadLock
                • String ID: 'B"4$1. The device must be in Modbus mode.$2. Bit rate must be set to 9600.$3. Address must be set to 1.$341 RS-485 Test$4. The RS-485 port of the device must be connected to the PC using the A302-20 cable.$To run the RS-485 test:
                • API String ID: 2805003363-1106300536
                APIs
                • SafeRWList.LIBCMTD ref: 0041D8F6
                  • Part of subcall function 0044CD90: __EH_prolog3_catch.LIBCMT ref: 0044CD97
                  • Part of subcall function 0044CD90: _DebugHeapAllocator.LIBCPMTD ref: 0044CDDD
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                  • Part of subcall function 0044816A: GetDlgItemInt.USER32(?,00000000,00000400,0040B862), ref: 00448181
                  • Part of subcall function 004473B4: GetDlgItem.USER32(?,?), ref: 004473D8
                  • Part of subcall function 004473B4: GetWindowTextLengthA.USER32(00000000), ref: 004473E5
                  • Part of subcall function 004473B4: GetWindowTextA.USER32(00000000,00000000,00000000), ref: 004473F9
                  • Part of subcall function 00464572: __atof_l.LIBCMT ref: 0046457C
                  • Part of subcall function 00448215: IsDlgButtonChecked.USER32(?,0000040C), ref: 00448226
                  • Part of subcall function 00435380: _memset.LIBCMT ref: 004353DA
                  • Part of subcall function 00435380: _DebugHeapAllocator.LIBCPMTD ref: 00435410
                  • Part of subcall function 00435380: _DebugHeapAllocator.LIBCPMTD ref: 0043546B
                Strings
                • 'B"4, xrefs: 0041DB35
                • Sending Parameters, xrefs: 0041D901
                • Idle, xrefs: 0041DBE4
                • Comm Error, xrefs: 0041DB73
                • Retrieving Parameters, xrefs: 0041DB0E
                • Filter Coeff. Error, xrefs: 0041DA88
                • Error Communicating to Module, The Port Is Not Open, xrefs: 0041DB62
                • Comm Error, xrefs: 0041DB5D
                • Error Communicating to Module, Not All Parameters Were Received, xrefs: 0041DB78
                • Error In Filter Coefficient, Value Must Be Between 0.001 and 1.0, xrefs: 0041DA8D
                Similarity
                • API ID: AllocatorDebugHeapItemWindow$Text$ButtonCheckedEnableH_prolog3_catchLengthListSafe__atof_l_memset
                • String ID: 'B"4$Comm Error$Comm Error$Error Communicating to Module, Not All Parameters Were Received$Error Communicating to Module, The Port Is Not Open$Error In Filter Coefficient, Value Must Be Between 0.001 and 1.0$Filter Coeff. Error$Idle$Retrieving Parameters$Sending Parameters
                • API String ID: 3391584478-2511034040
                APIs
                • PurgeComm.KERNEL32(?,0000000F), ref: 00440766
                  • Part of subcall function 00440A30: CloseHandle.KERNEL32(?,?,?,0041F7D8,34224227), ref: 00440A45
                • _sprintf.LIBCMT ref: 004405CD
                • _sprintf.LIBCMT ref: 004405EF
                  • Part of subcall function 0046440B: __output_l.LIBCMT ref: 00464460
                • Sleep.KERNEL32(000001F4), ref: 004405FC
                • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00440615
                • SetCommTimeouts.KERNEL32(FFFFFFFF,FFFFFFDB), ref: 00440693
                • GetCommState.KERNEL32(?,FFFFFFF7), ref: 004406AE
                • BuildCommDCBA.KERNEL32(?,FFFFFFF7), ref: 004406ED
                • SetCommState.KERNEL32(?,FFFFFFF7,?,FFFFFFF7), ref: 00440704
                Strings
                Similarity
                • API ID: Comm$State_sprintf$BuildCloseCreateFileHandlePurgeSleepTimeouts__output_l
                • String ID: \\.\COM%d$baud=%d parity=%c data=%d stop=%d
                • API String ID: 2036488472-3679282071
                APIs
                  • Part of subcall function 00440A30: CloseHandle.KERNEL32(?,?,?,0041F7D8,34224227), ref: 00440A45
                • _sprintf.LIBCMT ref: 004407E0
                • _sprintf.LIBCMT ref: 00440805
                  • Part of subcall function 0046440B: __output_l.LIBCMT ref: 00464460
                • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00440820
                • SetCommTimeouts.KERNEL32(?,?), ref: 0044089E
                • GetCommState.KERNEL32(?,?), ref: 004408B9
                • BuildCommDCBA.KERNEL32(?,?), ref: 004408F8
                • SetCommState.KERNEL32(?,?,?,?), ref: 0044090F
                • PurgeComm.KERNEL32(?,0000000F,?,?), ref: 00440971
                Strings
                Similarity
                • API ID: Comm$State_sprintf$BuildCloseCreateFileHandlePurgeTimeouts__output_l
                • String ID: N$\\.\COM%d$baud=%d parity=%c data=%d stop=%d
                • API String ID: 408427903-2364965048
                APIs
                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00498F68,0000000C,0046A377,00000000,00000000,?,00000078,00467B7D,0046774F,?,x'B"4,00441427,x'B"4), ref: 0046A24E
                • __crt_waiting_on_module_handle.LIBCMT ref: 0046A259
                  • Part of subcall function 0046842B: Sleep.KERNEL32(000003E8,?,?,0046A162,KERNEL32.DLL,?,00472467,?,00467749,00000078,?,x'B"4,00441427,x'B"4), ref: 00468437
                  • Part of subcall function 0046842B: GetModuleHandleW.KERNEL32(00000078,?,?,0046A162,KERNEL32.DLL,?,00472467,?,00467749,00000078,?,x'B"4,00441427,x'B"4), ref: 00468440
                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0046A282
                • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0046A292
                • __lock.LIBCMT ref: 0046A2B4
                • InterlockedIncrement.KERNEL32(?), ref: 0046A2C1
                • __lock.LIBCMT ref: 0046A2D5
                • ___addlocaleref.LIBCMT ref: 0046A2F3
                Strings
                Similarity
                • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                • API String ID: 1028249917-2843748187
                APIs
                • FindResourceA.KERNEL32(00000000,?,?), ref: 0043AB87
                • LoadResource.KERNEL32(00000000,00000000), ref: 0043ABA0
                • SizeofResource.KERNEL32(00000000,00000000), ref: 0043ABC0
                • GlobalAlloc.KERNEL32(00000022,?), ref: 0043ABCF
                • FreeResource.KERNEL32(00000000), ref: 0043ABE2
                • GlobalLock.KERNEL32(00000000), ref: 0043ABF3
                • LockResource.KERNEL32(00000000), ref: 0043AC00
                • GlobalFree.KERNEL32(00000000), ref: 0043AC19
                • FreeResource.KERNEL32(00000000), ref: 0043AC23
                • FreeResource.KERNEL32(00000000), ref: 0043AC45
                • GlobalUnlock.KERNEL32(00000000), ref: 0043AC4F
                • GlobalFree.KERNEL32(00000000), ref: 0043AC6C
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Resource$FreeGlobal$Lock$AllocFindLoadSizeofUnlock
                • String ID:
                • API String ID: 3545571320-0
                • Opcode ID: 8424c15e79d9203c0a3a27a0742ec8e05957ff7b34a569cd228ee3a8efbf1092
                • Instruction ID: 2b27b82f664e26113df1302d607f8ec84f449f9397a28e33aa4926a9779f6f46
                • Opcode Fuzzy Hash: 8424c15e79d9203c0a3a27a0742ec8e05957ff7b34a569cd228ee3a8efbf1092
                • Instruction Fuzzy Hash: 893100B5D00209EFCB04EFE5D849AAFB7B9BF4C301F105A69E506E7251D7389980CB69
                APIs
                • SafeRWList.LIBCMTD ref: 00421777
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 00429403
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 00429417
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 0042942B
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 0042943F
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 00429453
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 00429467
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 0042947B
                  • Part of subcall function 004293F0: _strcat.LIBCMT ref: 0042948F
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _strcat$ListSafe
                • String ID: %0.2f$%0.4x$Comm Error$Communication Error, Check Cables & Try Again$FlowRate$FlowRateUnits$Ver$verlbtext$vertext
                • API String ID: 88153947-2867105825
                • Opcode ID: f8445e4836a6fd9f7d243ff7ddb30325688508e6c7f06dd874c45c51e53bb729
                • Instruction ID: 962e2be288f7f91a5f6ae4d94b17ed674e5cdae23c34ae713b5c5bd539227b7b
                • Opcode Fuzzy Hash: f8445e4836a6fd9f7d243ff7ddb30325688508e6c7f06dd874c45c51e53bb729
                • Instruction Fuzzy Hash: A281283090116CDBDB14EB64DD96BEEB771AF11308F6040EEA10967292DB782F85CF99
                APIs
                • SafeRWList.LIBCMTD ref: 004239FA
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DA3
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DB7
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DCB
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DDF
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _strcat$ListSafe
                • String ID: %0.2f$Comm Error$Communication Error, Check Cables & Try Again$FlowRate$FlowRateUnits$G$Ver$verlbtext$vertext
                • API String ID: 88153947-1851351231
                • Opcode ID: dc21b616f05bb1020746d8487bb4647a58c504122bb128d311f12544fd403b8c
                • Instruction ID: f91e81b78dff8b5db6715d46d96bb8ee830c71e89093f68627efc986dde7534d
                • Opcode Fuzzy Hash: dc21b616f05bb1020746d8487bb4647a58c504122bb128d311f12544fd403b8c
                • Instruction Fuzzy Hash: 4581087090116CDAEB28EB64DD92BEDB770AF15308F5045EEA10967281DB782F84CF59
                APIs
                • SafeRWList.LIBCMTD ref: 00421A38
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429F83
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429F97
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429FAB
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429FBF
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429FD3
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429FE7
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 00429FFB
                  • Part of subcall function 00429F70: _strcat.LIBCMT ref: 0042A00F
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _strcat$ListSafe
                • String ID: %0.2f$%0.4x$Comm Error$Communication Error, Check Cables & Try Again$FlowRate$FlowRateUnits$Ver$verlbtext$vertext
                • API String ID: 88153947-2867105825
                • Opcode ID: 1ce5c54c4550e2785478e9e55452063874a39144a25f7629a8389edf08e3ac14
                • Instruction ID: 56af6e70783e25d97114e56f5cc87ab00b330dc0987c68e23d6baa6e4d649790
                • Opcode Fuzzy Hash: 1ce5c54c4550e2785478e9e55452063874a39144a25f7629a8389edf08e3ac14
                • Instruction Fuzzy Hash: 2A814B3090126CDBDB18EB24DD95BEEB770AF15308F9081EE910967291DB782E85CF99
                APIs
                • GetModuleHandleA.KERNEL32(KERNEL32), ref: 0044D415
                • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 0044D432
                • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 0044D43F
                • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 0044D44C
                • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 0044D459
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: AddressProc$HandleModule
                • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                • API String ID: 667068680-3617302793
                • Opcode ID: 255f87ac980fa2c0d795cd92c0e09901c103bc1c4f43bd5861f017d55121c1f9
                • Instruction ID: 980f1a54cf5db2c4d30af1fcb758029ac59be1ff41194b77c2518603a9565574
                • Opcode Fuzzy Hash: 255f87ac980fa2c0d795cd92c0e09901c103bc1c4f43bd5861f017d55121c1f9
                • Instruction Fuzzy Hash: 5B115671D05210ABEB34AFFAAC8581FFFE8A6967A0714457FE208D3220DA785844DB5D
                APIs
                • GetModuleHandleA.KERNEL32(KERNEL32,004497B6), ref: 004496AA
                • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 004496CB
                • GetProcAddress.KERNEL32(ReleaseActCtx), ref: 004496DD
                • GetProcAddress.KERNEL32(ActivateActCtx), ref: 004496EF
                • GetProcAddress.KERNEL32(DeactivateActCtx), ref: 00449701
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: AddressProc$Exception@8HandleModuleThrow
                • String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
                • API String ID: 2144170044-2424895508
                • Opcode ID: b82d100d65e2ca4703a5dc7a6fadbb1d1bcee5b2510ffa85c816d002f0c8f585
                • Instruction ID: 384a9c3e3628078a0de021afd21992e5d77d912507ee04f03dedd004e3b736d2
                • Opcode Fuzzy Hash: b82d100d65e2ca4703a5dc7a6fadbb1d1bcee5b2510ffa85c816d002f0c8f585
                • Instruction Fuzzy Hash: 85F07AB4964714FADB196BB5AC4961A3E64B70A720F240777E60492261DF784841DF8C
                APIs
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB03
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB17
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB2B
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB3F
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB53
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB67
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB7B
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB8F
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABA3
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABB7
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABCE
                • SafeRWList.LIBCMTD ref: 00405326
                  • Part of subcall function 00405700: LoadBitmapA.USER32(00000000,?), ref: 00405723
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _strcat$BitmapListLoadSafe
                • String ID: %0.0f$%0.0f$%0.0f$%0.0f$%0.2f$'B"4$YES$YES
                • API String ID: 3922484042-834744783
                • Opcode ID: dc828638b86934c12d546a21040b498f7d4b57b317325edf32ab2db2eb17c0a7
                • Instruction ID: 323e39c96211d7eaa6469f511ad1b9ccd837271e2eb08b5ff23e422b9352c253
                • Opcode Fuzzy Hash: dc828638b86934c12d546a21040b498f7d4b57b317325edf32ab2db2eb17c0a7
                • Instruction Fuzzy Hash: 99A15F70A40218EBEB24EB21DD92BEDB771AB44704F5081EEA5097B2D2DE781F44CF58
                APIs
                • SafeRWList.LIBCMTD ref: 0041CA29
                  • Part of subcall function 0044CD90: __EH_prolog3_catch.LIBCMT ref: 0044CD97
                  • Part of subcall function 0044CD90: _DebugHeapAllocator.LIBCPMTD ref: 0044CDDD
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                  • Part of subcall function 0044816A: GetDlgItemInt.USER32(?,00000000,00000400,0040B862), ref: 00448181
                  • Part of subcall function 004473B4: GetDlgItem.USER32(?,?), ref: 004473D8
                  • Part of subcall function 004473B4: GetWindowTextLengthA.USER32(00000000), ref: 004473E5
                  • Part of subcall function 004473B4: GetWindowTextA.USER32(00000000,00000000,00000000), ref: 004473F9
                  • Part of subcall function 00464572: __atof_l.LIBCMT ref: 0046457C
                  • Part of subcall function 00404180: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404197
                  • Part of subcall function 00448215: IsDlgButtonChecked.USER32(?,0000040C), ref: 00448226
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: ItemWindow$Text$AllocatorButtonCheckedDebugEnableH_prolog3_catchHeapLengthListMessageSafeSend__atof_l
                • String ID: 'B"4$Comm Error$Comm Error$Error Communicating to Module, Not All Parameters Were Received$Error Communicating to Module, The Port Is Not Open$Idle$Retrieving Parameters$Sending Parameters
                • API String ID: 399133096-1490950849
                • Opcode ID: 9b4fd561e1fc6c63a8c2caa5ae9291563f1fcb5c9069e864800dbe818e636535
                • Instruction ID: 818685f2625cb6b65774072fa7b966a25b2b0b1e0aac95d5fbd723809776d012
                • Opcode Fuzzy Hash: 9b4fd561e1fc6c63a8c2caa5ae9291563f1fcb5c9069e864800dbe818e636535
                • Instruction Fuzzy Hash: 23A15470A402199BEB24EB65CD92BDDB771BF44704F1081AEE249BB2C2DE795E41CF48
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _strcat
                • String ID: 'B"4$gph$gpm$l/min$l/sec
                • API String ID: 1765576173-2557525584
                • Opcode ID: 929b27b624848de541fee7b115164f131be6de25b591ddfbd74f4bde16ea1083
                • Instruction ID: a59a786713e01d153604be565e24937f964fec141da365a117513f2ed862336f
                • Opcode Fuzzy Hash: 929b27b624848de541fee7b115164f131be6de25b591ddfbd74f4bde16ea1083
                • Instruction Fuzzy Hash: BD019A78A01208E7CB04FB85FD8695CB735BB94349B300889E84427346EA36EF249399
                APIs
                • ___set_flsgetvalue.LIBCMT ref: 004670F1
                  • Part of subcall function 0046A1AE: TlsGetValue.KERNEL32(00000078,0046A33A,?,00000078,00467B7D,0046774F,?,x'B"4,00441427,x'B"4,?,?,004028BC,x'B"4,?,0040102C), ref: 0046A1B7
                  • Part of subcall function 0046A1AE: __decode_pointer.LIBCMT ref: 0046A1C9
                  • Part of subcall function 0046A1AE: TlsSetValue.KERNEL32(00000000,00000078,00467B7D,0046774F,?,x'B"4,00441427,x'B"4,?,?,004028BC,x'B"4,?,0040102C,00000078,34224227), ref: 0046A1D8
                • ___fls_getvalue@4.LIBCMT ref: 004670FC
                  • Part of subcall function 0046A18E: TlsGetValue.KERNEL32(?,?,00467101,00000000), ref: 0046A19C
                • ___fls_setvalue@8.LIBCMT ref: 0046710F
                  • Part of subcall function 0046A1E2: __decode_pointer.LIBCMT ref: 0046A1F3
                • GetLastError.KERNEL32(00000000,?,00000000), ref: 00467118
                • ExitThread.KERNEL32 ref: 0046711F
                • GetCurrentThreadId.KERNEL32 ref: 00467125
                • __freefls@4.LIBCMT ref: 00467145
                • __IsNonwritableInCurrentImage.LIBCMT ref: 00467158
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                • String ID: ~(D
                • API String ID: 1925773019-2378348395
                • Opcode ID: 896209e4a7778b8874c89cc4cdc038314f449a4bbf9a74304fb1eb970058f7dd
                • Instruction ID: 3c373e7041df3d256b6dadcd5e74c10d9e18ff6af319587235f873b05ec098ea
                • Opcode Fuzzy Hash: 896209e4a7778b8874c89cc4cdc038314f449a4bbf9a74304fb1eb970058f7dd
                • Instruction Fuzzy Hash: 610175301446409BD7046F66D84988A37599F46349B20856FE50497352FA38DC81CF6F
                APIs
                  • Part of subcall function 00448607: SetWindowPos.USER32(?,000000FF,?,?,00000000,00444387,?,?,00444387,00000000,?,?,000000FF,000000FF,00000015), ref: 0044862F
                • GetDC.USER32(00000000), ref: 0043BE88
                • CreateCompatibleDC.GDI32(00000000), ref: 0043BEA2
                • ReleaseDC.USER32(00000000,00000000), ref: 0043BEC8
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CompatibleCreateReleaseWindow
                • String ID:
                • API String ID: 4157512321-0
                • Opcode ID: 62fbee62e2ae05e18cb8776ae480d2ec4c8fd39dab656ccc6970b3a9255606e8
                • Instruction ID: 777047f3159b652f577142b0f3a7970c50da6852ce0a31d2c763b10ec6aea30b
                • Opcode Fuzzy Hash: 62fbee62e2ae05e18cb8776ae480d2ec4c8fd39dab656ccc6970b3a9255606e8
                • Instruction Fuzzy Hash: 6D41CBB5A00209EFDB04DFA4C845FAEBBB5FB4C314F104668E6099B341D775A981CFA5
                APIs
                • __EH_prolog3.LIBCMT ref: 0044C17C
                • VariantInit.OLEAUT32(00000000), ref: 0044C1AC
                • VariantInit.OLEAUT32(?), ref: 0044C1B2
                • VariantClear.OLEAUT32(?), ref: 0044C1FB
                • VariantClear.OLEAUT32(?), ref: 0044C201
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                • VariantClear.OLEAUT32(?), ref: 0044C30F
                • VariantClear.OLEAUT32(?), ref: 0044C315
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Variant$Clear$Init$AllocatorDebugException@8H_prolog3HeapThrow
                • String ID: p=<u
                • API String ID: 3895694678-894760207
                • Opcode ID: a90e9c7c1c163000c7e1e0c2cbe99ee9cf864a60de557e6b6b1adbf4ca71e5cb
                • Instruction ID: a0d8756cc31374aa17caab80a5c0ff48cc312ac84d83d52a045b772e07ddb59b
                • Opcode Fuzzy Hash: a90e9c7c1c163000c7e1e0c2cbe99ee9cf864a60de557e6b6b1adbf4ca71e5cb
                • Instruction Fuzzy Hash: C7614971D0124ADFDF00DFE4C8C49AEBBB5BF49314B2884AAE905EB250C7789D45CB55
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 0043F4E4
                  • Part of subcall function 0043EDE0: RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00000001,?), ref: 0043EE04
                • _DebugHeapAllocator.LIBCPMTD ref: 0043F51C
                • RegOpenKeyExA.ADVAPI32(00000001,00000000,00000000,00020019,?,?,34224227), ref: 0043F577
                • _DebugHeapAllocator.LIBCPMTD ref: 0043F597
                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000001,?,000000FF,?,34224227), ref: 0043F5EC
                • RegCloseKey.ADVAPI32(?,?,34224227), ref: 0043F610
                • _DebugHeapAllocator.LIBCPMTD ref: 0043F623
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: AllocatorDebugHeap$Open$CloseQueryValue
                • String ID: 'B"4
                • API String ID: 3922135804-3921257376
                • Opcode ID: 68829b91096a1ad50324e215601ddacee5a6152fab4843b47c9204a912804c23
                • Instruction ID: 14aaf4af3a9e41c6595cc17ec34ac72169d3c6e0607a4a2f49428bb0becea107
                • Opcode Fuzzy Hash: 68829b91096a1ad50324e215601ddacee5a6152fab4843b47c9204a912804c23
                • Instruction Fuzzy Hash: 746128B0900218DBCB14DF65C955BEEB7B4BF08304F1082AAE559A72D0DB786A85CF98
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _strncmp
                • String ID: 19200$38400$76800$9600
                • API String ID: 909875538-3534658293
                • Opcode ID: 271bbfa53d82d542a4692bb94616f5123e7cd656fa4fb81608fbafd88062e5a2
                • Instruction ID: 8b511ec1620e567eb32590c622ddafbbf304e17e70665ad376b1aa8304466136
                • Opcode Fuzzy Hash: 271bbfa53d82d542a4692bb94616f5123e7cd656fa4fb81608fbafd88062e5a2
                • Instruction Fuzzy Hash: 873166B0B4020CFBD724DB51CD57B9EB3B5AB18305F2045AAA6056B3C1EA78DB458F8D
                APIs
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                • _sprintf.LIBCMT ref: 004197D0
                  • Part of subcall function 004041E0: SendMessageA.USER32(?,0000014A,00000453,?), ref: 004041FB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: ItemMessageSend_sprintf
                • String ID: 19200$38400$76800$9600$ASCII$RTU$c
                • API String ID: 58168591-2584352330
                • Opcode ID: d13f5fb12163f038bdd0379341fdeff60c6bd47d0ee5ab88861afb977aa4a177
                • Instruction ID: adba8dabd8ea70792b02a7bd0511c3c16d3fa0dedb1c8b4e89c8039b3b106380
                • Opcode Fuzzy Hash: d13f5fb12163f038bdd0379341fdeff60c6bd47d0ee5ab88861afb977aa4a177
                • Instruction Fuzzy Hash: 19311CB4A502199BDB04EF96DC53BBEB771AF94B04F00042EF6117B2D1DAB52E40C788
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: _sprintf$_strcat$__output_l
                • String ID: %0.2X$%0.2X$:%0.2X%0.2X
                • API String ID: 215340125-808475368
                • Opcode ID: e73e5b335820600cf0e80edd65d210a2b4fd01427e4a69741651f6832bca1bff
                • Instruction ID: 88864b69fd0d7b5147b0725010bbc2a0587e4f397f274b5d96c1e0416cb675fb
                • Opcode Fuzzy Hash: e73e5b335820600cf0e80edd65d210a2b4fd01427e4a69741651f6832bca1bff
                • Instruction Fuzzy Hash: 5431F0B1D1426D9BCB00DFA5DC51FEEB7B8AF59304F0081DEB44892242EA389B04CFA5
                APIs
                • GetStockObject.GDI32(00000011), ref: 00451E6D
                • GetStockObject.GDI32(0000000D), ref: 00451E75
                • GetObjectA.GDI32(00000000,0000003C,?), ref: 00451E82
                • GetDC.USER32(00000000), ref: 00451E91
                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00451EA5
                • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 00451EB1
                • ReleaseDC.USER32(00000000,00000000), ref: 00451EBD
                Strings
                Similarity
                • API ID: Object$Stock$CapsDeviceRelease
                • String ID: System
                • API String ID: 46613423-3470857405
                • Opcode ID: 7fc707173b5b04845973fe7ed85f8dac94c835af125533cfa32aa55519cf5ece
                • Instruction ID: a3a7e63d743fa9e32dfd59054ea71cdd1284ca9d3710d5c574add511389786e9
                • Opcode Fuzzy Hash: 7fc707173b5b04845973fe7ed85f8dac94c835af125533cfa32aa55519cf5ece
                • Instruction Fuzzy Hash: AC110871600258ABEB109BA2DC46FAF77B8EF18746F00016AFE05A7191DB749D45CB78
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 0041892E
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 00418941
                • _DebugHeapAllocator.LIBCPMTD ref: 004189AD
                • _DebugHeapAllocator.LIBCPMTD ref: 004189C0
                Strings
                Similarity
                • API ID: AllocatorDebugHeap
                • String ID: a direction$a direction$b direction$b direction
                • API String ID: 571936431-1711247751
                • Opcode ID: 9b522752d7a441d307ada28f6aa2fe9d65e75eaea61324e409fd41bf6e02f400
                • Instruction ID: d889f299d83481352e177603b1dc60a29c7f2148753bea5d8553c0ea5b2b6607
                • Opcode Fuzzy Hash: 9b522752d7a441d307ada28f6aa2fe9d65e75eaea61324e409fd41bf6e02f400
                • Instruction Fuzzy Hash: 45213D30A00108EBCB84EB94D6A5BBCB7B1BF44304F7441E9D4852738ACB755FA0E748
                APIs
                • LoadLibraryA.KERNEL32(?), ref: 00477BF1
                • GetLastError.KERNEL32 ref: 00477BFD
                • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 00477C30
                • InterlockedExchange.KERNEL32(?,00000000), ref: 00477C42
                • LocalAlloc.KERNEL32(00000040,00000008), ref: 00477C56
                • FreeLibrary.KERNEL32(00000000), ref: 00477C73
                • GetProcAddress.KERNEL32(?,?), ref: 00477CC8
                • GetLastError.KERNEL32(?,?), ref: 00477CD4
                • RaiseException.KERNEL32(C06D007F,00000000,00000001,?,?,?), ref: 00477D06
                Similarity
                • API ID: ErrorExceptionLastLibraryRaise$AddressAllocExchangeFreeInterlockedLoadLocalProc
                • String ID:
                • API String ID: 991255547-0
                • Opcode ID: 7d833d726fb497d7674810096c58a8ccf0b0771c4d711037351831573888fcd0
                • Instruction ID: 6d57c381daca855b1236f9e31ad775457dddedd3b607bb85950537cff8759c43
                • Opcode Fuzzy Hash: 7d833d726fb497d7674810096c58a8ccf0b0771c4d711037351831573888fcd0
                • Instruction Fuzzy Hash: D4516D706402059FEB22CFA5D984AEE7BB8EF58340F54806AE609D7390EB74DD44CB69
                APIs
                • GetKeyState.USER32(00000001), ref: 0045C4E6
                • GetCursorPos.USER32(?), ref: 0045C505
                • ScreenToClient.USER32(?,?), ref: 0045C512
                • GetCapture.USER32 ref: 0045C568
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • ClientToScreen.USER32(?,?), ref: 0045C5AF
                • WindowFromPoint.USER32(?,?), ref: 0045C5BB
                • IsChild.USER32(?,00000000), ref: 0045C5D0
                • KillTimer.USER32(?,0000E001), ref: 0045C60D
                • KillTimer.USER32(?,0000E000), ref: 0045C629
                  • Part of subcall function 00446EF7: GetForegroundWindow.USER32 ref: 00446F0B
                  • Part of subcall function 00446EF7: GetLastActivePopup.USER32(?), ref: 00446F1C
                Similarity
                • API ID: ClientKillScreenTimerWindow$ActiveCaptureChildCursorException@8ForegroundFromLastPointPopupStateThrow
                • String ID:
                • API String ID: 4177878703-0
                • Opcode ID: 8d42e19787cf1112c62a9de593231b6fb4ae7d93ba6e5cc40f20404831aaa26a
                • Instruction ID: aa17e8d4b1c5fff854d3ca384b798927b7e1bbc97071592ec0628f412f8ef8f8
                • Opcode Fuzzy Hash: 8d42e19787cf1112c62a9de593231b6fb4ae7d93ba6e5cc40f20404831aaa26a
                • Instruction Fuzzy Hash: BF41B931600319EFDB209BB6CD84A6E77B5BF44715F10066AE851D72A2EB34ED45CB48
                APIs
                • __EH_prolog3_catch.LIBCMT ref: 00452313
                • EnterCriticalSection.KERNEL32(00401046,00000010,004525CF,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452324
                • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525,?,?,?,004010A8), ref: 00452342
                • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452376
                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 004523E2
                • _memset.LIBCMT ref: 00452401
                • TlsSetValue.KERNEL32(?,00000000,00000000), ref: 00452412
                • LeaveCriticalSection.KERNEL32(00401046,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525,?,?,?,004010A8), ref: 00452433
                Similarity
                • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                • String ID:
                • API String ID: 1891723912-0
                • Opcode ID: b7951bd18eb6092dd047cd53cf703773e4f9c02106aee8369328987e80226b1d
                • Instruction ID: 2950dc9a28abd10bb6cb71ac070d79ad815c2fad0fa8507a2a7fc0708ce4dab5
                • Opcode Fuzzy Hash: b7951bd18eb6092dd047cd53cf703773e4f9c02106aee8369328987e80226b1d
                • Instruction Fuzzy Hash: 4231B270400605AFDB20EF21D985C5A77A4FF06315B20C52FFD5697661CB78AD94CF98
                APIs
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DA3
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DB7
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DCB
                  • Part of subcall function 00433D90: _strcat.LIBCMT ref: 00433DDF
                  • Part of subcall function 0044D15B: __EH_prolog3.LIBCMT ref: 0044D162
                  • Part of subcall function 0044D15B: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0044D197
                  • Part of subcall function 00408D10: GetClientRect.USER32(?,0049C1FC), ref: 00408D22
                  • Part of subcall function 00444BC9: BeginDeferWindowPos.USER32(00000008), ref: 00444C16
                  • Part of subcall function 00444BC9: GetTopWindow.USER32(?), ref: 00444C28
                  • Part of subcall function 00444BC9: CopyRect.USER32(000080E8,00000000), ref: 00444C8B
                  • Part of subcall function 0044CD90: __EH_prolog3_catch.LIBCMT ref: 0044CD97
                  • Part of subcall function 0044CD90: _DebugHeapAllocator.LIBCPMTD ref: 0044CDDD
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004041E0: SendMessageA.USER32(?,0000014A,00000453,?), ref: 004041FB
                  • Part of subcall function 004041B0: SendMessageA.USER32(?,0000014E,00000453,00000000), ref: 004041C9
                • _sprintf.LIBCMT ref: 00414DEC
                Strings
                Similarity
                • API ID: _strcat$MessageSend$RectWindow$AllocatorBeginClientCopyDebugDeferH_prolog3H_prolog3_catchHeapItem_sprintf
                • String ID: 400-XXX$401-XXX$402-XXX$410-XXX$411-XXX$Idle
                • API String ID: 639664676-3465624875
                • Opcode ID: 60c73cd838a26753515cb36d5e498bda91267844c2ce75095428005d938ceff2
                • Instruction ID: 0f598efdfac4da08e6a867073df5947017957bfa256515d4af27950b220581e0
                • Opcode Fuzzy Hash: 60c73cd838a26753515cb36d5e498bda91267844c2ce75095428005d938ceff2
                • Instruction Fuzzy Hash: 43713270B402189BEB24EB65DC53FAD7371BF55704F4041AEA2497B2C2CEB82E85CB59
                APIs
                Strings
                Similarity
                • API ID: _sprintf$_memset_strcat
                • String ID: %0.2X$%0.2X$>
                • API String ID: 256563259-2726781862
                • Opcode ID: 054a20b8058be86316f7024641b422cd60b5d01829a193a96250715d9e5457a7
                • Instruction ID: 2007a8871cc8b7a2d5540b73975caa0c4668f7ed4af50242f0673bca1758388b
                • Opcode Fuzzy Hash: 054a20b8058be86316f7024641b422cd60b5d01829a193a96250715d9e5457a7
                • Instruction Fuzzy Hash: 4751DFB190025C9BCB28CF54CC52BEDB7B4AF49304F0082DEE64967281DB785B94CF98
                APIs
                Strings
                Similarity
                • API ID: _memset$_strlen
                • String ID: $$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
                • API String ID: 1975251954-2846204049
                • Opcode ID: 1ca05db7bf2dea3b98525f869b2f5e8900196da292fafb534b8da3f27e993dc2
                • Instruction ID: 58bb73cadb830924f1095c5fa1e8dea39fcd2d320c92cf1e2c9688b9c31f17e8
                • Opcode Fuzzy Hash: 1ca05db7bf2dea3b98525f869b2f5e8900196da292fafb534b8da3f27e993dc2
                • Instruction Fuzzy Hash: 5D4182B5D05218DBCB20DF15DC897DAB7B4AB18304F2082EAE80DA7281D7795F84CF55
                APIs
                • GlobalLock.KERNEL32(?), ref: 0044D7F9
                • lstrcmpA.KERNEL32(?,?,?,?,?,?,?,00445EF5,?), ref: 0044D805
                • OpenPrinterA.WINSPOOL.DRV(?,?,00000000,?,?,?,?,?,00445EF5,?), ref: 0044D817
                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000,?,?,?,?,?,00445EF5,?), ref: 0044D837
                • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0044D83F
                • GlobalLock.KERNEL32(00000000), ref: 0044D849
                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002,?,?,?,?,?,00445EF5,?), ref: 0044D856
                • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002,?,?,?,?,?,00445EF5,?), ref: 0044D86E
                  • Part of subcall function 0045197E: GlobalFlags.KERNEL32(?), ref: 0045198D
                  • Part of subcall function 0045197E: GlobalUnlock.KERNEL32(?), ref: 0045199F
                  • Part of subcall function 0045197E: GlobalFree.KERNEL32(?), ref: 004519AA
                Similarity
                • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                • String ID:
                • API String ID: 168474834-0
                • Opcode ID: fc1610f1070d33d582ba6c3e168eb1ff92352ea25aaa7492f314f522248d45a8
                • Instruction ID: fbb2a4702cc0e5028cc577e50b11267b45cc0e3c75034b0fa34a96ea63ead8d8
                • Opcode Fuzzy Hash: fc1610f1070d33d582ba6c3e168eb1ff92352ea25aaa7492f314f522248d45a8
                • Instruction Fuzzy Hash: 3211CEB1900500BBDB226BB6CC49DBF7AADEF89704704056EFA18D2121D739C940E729
                Strings
                Similarity
                • API ID:
                • String ID: 'B"4
                • API String ID: 0-3921257376
                • Opcode ID: 7b48e9a922584100817b0a63e06e06cc46ee2cbd419a05a9233ce4dbb7054787
                • Instruction ID: 59a21e77bf9b4218bbc7f5544d89b3a5498bb6ba7948250e4cc2031bb619821c
                • Opcode Fuzzy Hash: 7b48e9a922584100817b0a63e06e06cc46ee2cbd419a05a9233ce4dbb7054787
                • Instruction Fuzzy Hash: 05B1F775A0031DDFCB08DF99D895AAEB7B6FF88304F108519E819AB391DB34AD11CB94
                APIs
                Strings
                Similarity
                • API ID: FreeString$InitVariant
                • String ID: p=<u
                • API String ID: 3189464208-894760207
                • Opcode ID: 8fe44047b62310e73c3a10fc093daea776350209e17d41c2c988c184d5206a19
                • Instruction ID: 2a8d9d5feea55eab8ae2eb2ca1837e63afc0271e4262470008059a99b9cb7130
                • Opcode Fuzzy Hash: 8fe44047b62310e73c3a10fc093daea776350209e17d41c2c988c184d5206a19
                • Instruction Fuzzy Hash: B4914B75A402099FDB14DFA5C8C896EB7B6FF88305B18846DE406DB350CB39ED81CB15
                APIs
                • __EH_prolog3_GS.LIBCMT ref: 0044FBCC
                • MapDialogRect.USER32(?,?), ref: 0044FC5D
                • SysAllocStringLen.OLEAUT32(?,?), ref: 0044FC7C
                • CLSIDFromString.OLE32(?,00000004), ref: 0044FD6A
                  • Part of subcall function 00441404: _malloc.LIBCMT ref: 00441422
                • CLSIDFromProgID.OLE32(?,00000004), ref: 0044FD72
                • SetWindowPos.USER32(?,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,00000000,?,00000000), ref: 0044FE1A
                • SysFreeString.OLEAUT32(00000000), ref: 0044FE6C
                Similarity
                • API ID: String$From$AllocDialogFreeH_prolog3_ProgRectWindow_malloc
                • String ID:
                • API String ID: 2980224915-0
                • Opcode ID: 4f9fd1a12e1f317a60520facdaf02409d10449d479309b647e1853555784f75a
                • Instruction ID: 47e7b0c12f2a30380a6403a2c92479b32e38e7d6dfe2807d9d66ba5500173ff1
                • Opcode Fuzzy Hash: 4f9fd1a12e1f317a60520facdaf02409d10449d479309b647e1853555784f75a
                • Instruction Fuzzy Hash: F2A116B1D002199FDB14DFA9C984AEEBBF4FF08304F20416AE859A7351E774A984CB59
                APIs
                • SafeRWList.LIBCMTD ref: 00425014
                • Sleep.KERNEL32(00000064,00000001,Are you sure you want to clear the current totals?,Warning,00000004,34224227), ref: 004253D1
                Strings
                Similarity
                • API ID: ListSafeSleep
                • String ID: Are you sure you want to clear the current totals?$Comm Error$Warning
                • API String ID: 3939174734-3989402819
                • Opcode ID: 54ec348a4cbaca4448a96f22b3ade93dc2d4cd7033c29ae58e174cdd048fb2f3
                • Instruction ID: a1b86c8e6a303f49166e74d2e1e90b91abc0ead8816c5d754b8acbb4c91a1d13
                • Opcode Fuzzy Hash: 54ec348a4cbaca4448a96f22b3ade93dc2d4cd7033c29ae58e174cdd048fb2f3
                • Instruction Fuzzy Hash: F7B1F4709026298BEB64DF19DC51BEEB7B1AF45309F5091EE910D67282DF385E84CF88
                APIs
                  • Part of subcall function 0043B9C0: SetEvent.KERNEL32(000000C0), ref: 0043B9EB
                  • Part of subcall function 0043B9C0: WaitForSingleObject.KERNEL32(C181DC4D,00001388), ref: 0043BA0C
                  • Part of subcall function 0043B9C0: CloseHandle.KERNEL32(C181DC4D), ref: 0043BA1C
                  • Part of subcall function 0043B9C0: ResetEvent.KERNEL32(000000C0), ref: 0043BA39
                • SelectObject.GDI32(00000000,?), ref: 0043A6E6
                • DeleteDC.GDI32(00000000), ref: 0043A6F6
                • DeleteObject.GDI32(?), ref: 0043A706
                • SelectObject.GDI32(00000000,?), ref: 0043A746
                • DeleteDC.GDI32(00000000), ref: 0043A756
                • DeleteObject.GDI32(?), ref: 0043A766
                • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 0043A795
                Similarity
                • API ID: Object$Delete$EventSelect$CloseHandleRectResetSingleWait
                • String ID:
                • API String ID: 3139893621-0
                • Opcode ID: 619808b481a62e4d9aa3f72b8e200b6ce672274af78e37ef72d639193f8b3d5b
                • Instruction ID: 052c8841a7cb68b2afeb7aa33018e7dcd4f3525c69e04fe88a9b13d86c4dd212
                • Opcode Fuzzy Hash: 619808b481a62e4d9aa3f72b8e200b6ce672274af78e37ef72d639193f8b3d5b
                • Instruction Fuzzy Hash: FA61A174A002089FDB04DF94C598BEEB7F5BB4C304F2442A9E5096B392CB76AD45CFA5
                APIs
                • __EH_prolog3.LIBCMT ref: 0045A759
                • _memset.LIBCMT ref: 0045A7C5
                  • Part of subcall function 00453E92: _memset.LIBCMT ref: 00453E9E
                • VariantClear.OLEAUT32(?), ref: 0045A805
                • SysFreeString.OLEAUT32(00000000), ref: 0045A886
                • SysFreeString.OLEAUT32(00000000), ref: 0045A895
                • SysFreeString.OLEAUT32(00000000), ref: 0045A8A4
                • VariantClear.OLEAUT32(00000000), ref: 0045A8B9
                  • Part of subcall function 0045A213: __EH_prolog3_GS.LIBCMT ref: 0045A21D
                  • Part of subcall function 0045A213: VariantClear.OLEAUT32(?), ref: 0045A282
                  • Part of subcall function 00453E6E: VariantCopy.OLEAUT32(?,?), ref: 00453E7F
                Similarity
                • API ID: Variant$ClearFreeString$_memset$CopyH_prolog3H_prolog3_
                • String ID:
                • API String ID: 3746181197-0
                • Opcode ID: 8e35e4946fcefc9f401716f47352a8312f12b77f76b85590b8a6986ffdec0271
                • Instruction ID: 6f2314d28e0b359a4fa46e8fa986b0c0f316bf448de9c95b394d3cfd5a8aeb89
                • Opcode Fuzzy Hash: 8e35e4946fcefc9f401716f47352a8312f12b77f76b85590b8a6986ffdec0271
                • Instruction Fuzzy Hash: 80512B71D00209DFDB10DFA5C889BDEBBF4BF08305F10466AE415E7292D778A949CB65
                APIs
                • GlobalLock.KERNEL32(?), ref: 00451D1D
                • lstrlenA.KERNEL32(?), ref: 00451D68
                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 00451D82
                • _wcslen.LIBCMT ref: 00451DA6
                Strings
                Similarity
                • API ID: ByteCharGlobalLockMultiWide_wcslenlstrlen
                • String ID: System
                • API String ID: 4253822919-3470857405
                • Opcode ID: 2d9e309268fce835a23d862c52ae801c160fe9f852859e8a0ee2364fdeba1a96
                • Instruction ID: 854b8e7d33be7025a64d10d85921d11f83ae385039b4e912af93f270652229d4
                • Opcode Fuzzy Hash: 2d9e309268fce835a23d862c52ae801c160fe9f852859e8a0ee2364fdeba1a96
                • Instruction Fuzzy Hash: 6D4106719001159FCB14DFA4C885BAEF7B9FF04305F14862AE816EB296E738AD89CB54
                APIs
                • _memset.LIBCMT ref: 004449D6
                • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 004449FF
                • GetWindowLongA.USER32(?,000000FC), ref: 00444A11
                • GetWindowLongA.USER32(?,000000FC), ref: 00444A22
                • SetWindowLongA.USER32(?,000000FC,?), ref: 00444A3E
                Strings
                Similarity
                • API ID: LongWindow$MessageSend_memset
                • String ID: ,
                • API String ID: 2997958587-3772416878
                APIs
                • __EH_prolog3_GS.LIBCMT ref: 0044EBB5
                • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 0044EC9B
                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0044ECB8
                • RegCloseKey.ADVAPI32(?), ref: 0044ECD8
                • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 0044ECF3
                Strings
                Similarity
                • API ID: CloseEnumH_prolog3_OpenQueryValue
                • String ID: Software\
                • API String ID: 1666054129-964853688
                APIs
                Strings
                Similarity
                • API ID: _strcat$_strlen
                • String ID: 00000000$aaaaaaaa
                • API String ID: 1754461053-805725235
                APIs
                • __EH_prolog3_catch_GS.LIBCMT ref: 0044EA37
                • RegOpenKeyA.ADVAPI32(?,?,?), ref: 0044EAC5
                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0044EAE8
                  • Part of subcall function 0044E9D8: __EH_prolog3.LIBCMT ref: 0044E9DF
                  • Part of subcall function 0044E9D8: _DebugHeapAllocator.LIBCPMTD ref: 0044E9F6
                Strings
                Similarity
                • API ID: AllocatorDebugEnumH_prolog3H_prolog3_catch_HeapOpen
                • String ID: Software\Classes\
                • API String ID: 751309350-1121929649
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 00411455
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 00411482
                • _DebugHeapAllocator.LIBCPMTD ref: 0041150F
                Strings
                Similarity
                • API ID: AllocatorDebugHeap
                • String ID: 340 BN/MB Energy Meter$absolute$volume
                • API String ID: 571936431-3165780595
                APIs
                • GetCapture.USER32 ref: 0045D436
                • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 0045D451
                • GetFocus.USER32 ref: 0045D466
                • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 0045D474
                • GetLastActivePopup.USER32(?), ref: 0045D49D
                • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 0045D4AA
                  • Part of subcall function 00445E18: GetWindowLongA.USER32(?,000000F0), ref: 00445E3E
                  • Part of subcall function 00445E18: GetParent.USER32(?), ref: 00445E4C
                • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 0045D4D0
                Similarity
                • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                • String ID:
                • API String ID: 3338174999-0
                APIs
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                • _sprintf.LIBCMT ref: 0041A040
                  • Part of subcall function 004041E0: SendMessageA.USER32(?,0000014A,00000453,?), ref: 004041FB
                Strings
                Similarity
                • API ID: ItemMessageSend_sprintf
                • String ID: 19200$38400$76800$9600$c
                • API String ID: 58168591-496729783
                APIs
                • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 0044F079
                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 0044F09C
                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 0044F0B8
                • RegCloseKey.ADVAPI32(?), ref: 0044F0C8
                • RegCloseKey.ADVAPI32(?), ref: 0044F0D2
                Strings
                Similarity
                • API ID: CloseCreate$Open
                • String ID: software
                • API String ID: 1740278721-2010147023
                APIs
                • GetMonitorInfoA.USER32(00000002,00000000), ref: 004420E7
                • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 00442110
                • GetSystemMetrics.USER32(00000000), ref: 00442128
                • GetSystemMetrics.USER32(00000001), ref: 0044212F
                Strings
                Similarity
                • API ID: System$InfoMetrics$MonitorParameters
                • String ID: B$DISPLAY
                • API String ID: 1842416757-3316187204
                APIs
                • GetParent.USER32(?), ref: 00442AB3
                • GetWindowRect.USER32(?,00000000), ref: 00442ACE
                • ScreenToClient.USER32(?,?), ref: 00442AE1
                • ScreenToClient.USER32(?,?), ref: 00442AEA
                • EqualRect.USER32(?,?), ref: 00442AF4
                • DeferWindowPos.USER32(?,?,00000000,?,00000000,?,?,00000014), ref: 00442B1C
                • SetWindowPos.USER32(?,00000000,?,00000000,?,?,00000014), ref: 00442B26
                Similarity
                • API ID: Window$ClientRectScreen$DeferEqualParent
                • String ID:
                • API String ID: 443303494-0
                APIs
                • LeaveCriticalSection.KERNEL32(?), ref: 004523B4
                • __CxxThrowException@8.LIBCMT ref: 004523BE
                  • Part of subcall function 004652A1: KiUserExceptionDispatcher.NTDLL(000000AC,00000000,00401046,00000000,000000AC,00000000,00000000,?,00401046,00000000), ref: 004652E3
                • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4), ref: 004523D5
                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 004523E2
                  • Part of subcall function 00449471: __CxxThrowException@8.LIBCMT ref: 00449487
                • _memset.LIBCMT ref: 00452401
                • TlsSetValue.KERNEL32(?,00000000,00000000), ref: 00452412
                • LeaveCriticalSection.KERNEL32(00401046,?,00000000,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525,?,?,?,004010A8), ref: 00452433
                Similarity
                • API ID: CriticalLeaveSection$Exception@8Throw$AllocDispatcherExceptionLocalUserValue_memset
                • String ID:
                • API String ID: 814762356-0
                APIs
                • GetSysColor.USER32(0000000F), ref: 004530BE
                • GetSysColor.USER32(00000010), ref: 004530C5
                • GetSysColor.USER32(00000014), ref: 004530CC
                • GetSysColor.USER32(00000012), ref: 004530D3
                • GetSysColor.USER32(00000006), ref: 004530DA
                • GetSysColorBrush.USER32(0000000F), ref: 004530E7
                • GetSysColorBrush.USER32(00000006), ref: 004530EE
                Similarity
                • API ID: Color$Brush
                • String ID:
                • API String ID: 2798902688-0
                APIs
                • __EH_prolog3_GS.LIBCMT ref: 0045A21D
                • VariantClear.OLEAUT32(?), ref: 0045A282
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • VariantClear.OLEAUT32(?), ref: 0045A4C0
                • VariantClear.OLEAUT32(?), ref: 0045A532
                • VariantClear.OLEAUT32(?), ref: 0045A745
                  • Part of subcall function 00453E6E: VariantCopy.OLEAUT32(?,?), ref: 00453E7F
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                  • Part of subcall function 0045433C: __EH_prolog3.LIBCMT ref: 00454346
                  • Part of subcall function 0045433C: lstrlenA.KERNEL32(?,00000224,0044AF69,?,00000008,?,?,00000048,0044BFE7,?,00000000,00000000,00000000,00000000,00000000,00000066), ref: 00454366
                  • Part of subcall function 0045433C: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 0045436E
                Similarity
                • API ID: Variant$Clear$AllocAllocatorByteCopyDebugException@8H_prolog3H_prolog3_HeapStringThrowlstrlen
                • String ID:
                • API String ID: 1412249591-0
                APIs
                • __EH_prolog3_catch_GS.LIBCMT ref: 004618FC
                • lstrlenA.KERNEL32(00000000,000000FF,00000050,0045D719,00000000,00000001,?,?,000000FF,?,?,?,?,?,?,00000034), ref: 0046192E
                  • Part of subcall function 004262B0: _memcpy_s.LIBCMT ref: 004262C3
                • _memset.LIBCMT ref: 004619FE
                • VariantClear.OLEAUT32(?), ref: 00461AD8
                Similarity
                • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                • String ID:
                • API String ID: 4021759052-0
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 00413C3D
                • _DebugHeapAllocator.LIBCPMTD ref: 00413C6E
                • _DebugHeapAllocator.LIBCPMTD ref: 00413C84
                • _DebugHeapAllocator.LIBCPMTD ref: 00413D1E
                • _DebugHeapAllocator.LIBCPMTD ref: 00413D88
                • _DebugHeapAllocator.LIBCPMTD ref: 00413DFE
                Similarity
                • API ID: AllocatorDebugHeap
                • String ID:
                • API String ID: 571936431-0
                APIs
                Similarity
                • API ID: FreeTaskctype$ClearH_prolog3Variant
                • String ID:
                • API String ID: 151822039-0
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 00403E7E
                • _DebugHeapAllocator.LIBCPMTD ref: 00403EA8
                • _DebugHeapAllocator.LIBCPMTD ref: 00403EBA
                • _DebugHeapAllocator.LIBCPMTD ref: 00403F50
                • _DebugHeapAllocator.LIBCPMTD ref: 00403FB6
                • _DebugHeapAllocator.LIBCPMTD ref: 00404028
                Similarity
                • API ID: AllocatorDebugHeap
                • String ID:
                • API String ID: 571936431-0
                APIs
                • VariantClear.OLEAUT32(?), ref: 00457444
                • _memset.LIBCMT ref: 00457476
                • _memset.LIBCMT ref: 00457482
                • SysFreeString.OLEAUT32(?), ref: 004574C4
                • SysFreeString.OLEAUT32(?), ref: 004574CE
                • SysFreeString.OLEAUT32(?), ref: 004574D8
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Similarity
                • API ID: FreeString$_memset$ClearException@8ThrowVariant
                • String ID:
                • API String ID: 764647935-0
                • Opcode ID: fe51e54ecb12189df6e44c61ad39392b54bd09b485c268ff2310bfcaf1ab94a8
                • Instruction ID: 9611748972b6b69e74fcfdfa131c4d4ad22620066b793155501c8351398f57d9
                • Opcode Fuzzy Hash: fe51e54ecb12189df6e44c61ad39392b54bd09b485c268ff2310bfcaf1ab94a8
                • Instruction Fuzzy Hash: 73417C70D11228FFCB11DFA1D8849DEFB78BF09715F14812BF815A6252D7389A48CBA9
                APIs
                • _memset.LIBCMT ref: 00461D04
                • SysAllocString.OLEAUT32(00000000), ref: 00461D61
                • SysAllocString.OLEAUT32(00000000), ref: 00461D8B
                  • Part of subcall function 0044935D: __EH_prolog3.LIBCMT ref: 00449364
                • SysAllocString.OLEAUT32(00000000), ref: 00461DE0
                • SysAllocString.OLEAUT32(00000000), ref: 00461E0F
                • SysAllocString.OLEAUT32(00000000), ref: 00461E44
                Similarity
                • API ID: AllocString$H_prolog3_memset
                • String ID:
                • API String ID: 842698744-0
                • Opcode ID: ab93924d4fc89b9d5c4bfa4f7a2ce4ddf89267d7d68838309c6017021fd9779a
                • Instruction ID: 9ec10ba73300bfbea542675bc7e54896502b6535ea20db92d8f249318e38d459
                • Opcode Fuzzy Hash: ab93924d4fc89b9d5c4bfa4f7a2ce4ddf89267d7d68838309c6017021fd9779a
                • Instruction Fuzzy Hash: 564172709002049FCB20EF35CC91B9AB7B4AF15318F0445AEE955972E2DBB8AD94CF55
                APIs
                • _strcat.LIBCMT ref: 0043FE14
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0043FE40
                Similarity
                • API ID: Open_strcat
                • String ID:
                • API String ID: 4290510252-0
                • Opcode ID: 4cb228e1a6ebd55793bbf48ddf0ccdf9b6c4816c6a2145374de03daccc88257b
                • Instruction ID: eb3970b97dd2aebd94ab43021206fe1add32a327ec1744613ba1a34956c9ad3c
                • Opcode Fuzzy Hash: 4cb228e1a6ebd55793bbf48ddf0ccdf9b6c4816c6a2145374de03daccc88257b
                • Instruction Fuzzy Hash: FE3160B090011CABCB14EF51D896BDE7374AF18304F0041AEE509A6291DB78AF84CF99
                APIs
                • ___set_flsgetvalue.LIBCMT ref: 0046719F
                • __calloc_crt.LIBCMT ref: 004671AB
                • __getptd.LIBCMT ref: 004671B8
                • CreateThread.KERNEL32(?,?,004670EB,00000000,?,?), ref: 004671EF
                • GetLastError.KERNEL32(?,?,?,?,?,0043A870,00000000,00000000,0043B1A0,?,00000004,?), ref: 004671F9
                • __dosmaperr.LIBCMT ref: 00467211
                  • Part of subcall function 00467B78: __getptd_noexit.LIBCMT ref: 00467B78
                  • Part of subcall function 00467355: __decode_pointer.LIBCMT ref: 00467360
                Similarity
                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                • String ID:
                • API String ID: 1803633139-0
                • Opcode ID: 4cd5daf1ae8d8f0cdda46347df13e44dfd3c39f0af70b9e67c6d3ec684cf3fef
                • Instruction ID: cfb3e9b7afdf2c9369e5bbc8ceb8556cfe4790bad69dfaa92a55e641b29c79c2
                • Opcode Fuzzy Hash: 4cd5daf1ae8d8f0cdda46347df13e44dfd3c39f0af70b9e67c6d3ec684cf3fef
                • Instruction Fuzzy Hash: 2F112272004205AFDB10AFA5CC4289F77A4FF0532CB20046FF51192252FB399E518A6B
                APIs
                • __CreateFrameInfo.LIBCMT ref: 00469767
                  • Part of subcall function 004636DB: __getptd.LIBCMT ref: 004636E9
                  • Part of subcall function 004636DB: __getptd.LIBCMT ref: 004636F7
                • __getptd.LIBCMT ref: 00469771
                  • Part of subcall function 0046A39C: __getptd_noexit.LIBCMT ref: 0046A39F
                  • Part of subcall function 0046A39C: __amsg_exit.LIBCMT ref: 0046A3AC
                • __getptd.LIBCMT ref: 0046977F
                • __getptd.LIBCMT ref: 0046978D
                • __getptd.LIBCMT ref: 00469798
                • _CallCatchBlock2.LIBCMT ref: 004697BE
                  • Part of subcall function 00463780: __CallSettingFrame@12.LIBCMT ref: 004637CC
                  • Part of subcall function 00469865: __getptd.LIBCMT ref: 00469874
                  • Part of subcall function 00469865: __getptd.LIBCMT ref: 00469882
                Similarity
                • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                • String ID:
                • API String ID: 1602911419-0
                • Opcode ID: 1221248ed1bdbfdd612db988df6e86c11eb01d3d3cce41b17cd70f820d1c56c5
                • Instruction ID: c2592d39f6c1ba38e67e792e092d0ac38757be3657dc9275e59fe15d3634cadc
                • Opcode Fuzzy Hash: 1221248ed1bdbfdd612db988df6e86c11eb01d3d3cce41b17cd70f820d1c56c5
                • Instruction Fuzzy Hash: D811F6B1D00209DFDB01EFA5C446AAD7BB0FF04319F10846AF814A7252EB389A559F5A
                APIs
                • ClientToScreen.USER32(?,?), ref: 00451AC0
                • GetDlgCtrlID.USER32(00000000), ref: 00451AD4
                • GetWindowLongA.USER32(00000000,000000F0), ref: 00451AE4
                • GetWindowRect.USER32(00000000,?), ref: 00451AF6
                • PtInRect.USER32(?,?,?), ref: 00451B06
                • GetWindow.USER32(?,00000005), ref: 00451B13
                Similarity
                • API ID: Window$Rect$ClientCtrlLongScreen
                • String ID:
                • API String ID: 1315500227-0
                • Opcode ID: c08a076710e4b03c58cddd5564d193a4484be68284df62dc66d6cb7564e5c0c5
                • Instruction ID: 1e4769f597f42bb12b51e5c05a9d200b560c01622fbfad7adb30600908bae3e4
                • Opcode Fuzzy Hash: c08a076710e4b03c58cddd5564d193a4484be68284df62dc66d6cb7564e5c0c5
                • Instruction Fuzzy Hash: 8A018F32100119BBDB215B95DC08FAF3B2CEF48355F014622FD15D61A1F734E9598B98
                APIs
                Strings
                Similarity
                • API ID: Task$AllocFreeH_prolog3__memset
                • String ID:
                • API String ID: 3303116700-3916222277
                • Opcode ID: 53d3d5df41e563e96bbc36cd159ebccef9f8dc1e895a5425cb68e14633b47adb
                • Instruction ID: c7a47af906409688d1ed4a58b72bee2bcb617163308939024a0344d5749a15db
                • Opcode Fuzzy Hash: 53d3d5df41e563e96bbc36cd159ebccef9f8dc1e895a5425cb68e14633b47adb
                • Instruction Fuzzy Hash: 58C17A70A00604DFDB20DFA9C884AAEB7B5BF88705F24495EE406EB392DB75AC45CF14
                APIs
                Strings
                Similarity
                • API ID: _memset
                • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                • API String ID: 2102423945-455206835
                • Opcode ID: 60773b6a7c8849c54cb1f66cf3b5c037f7517d62148b0ff4fe72bc0de2000ee7
                • Instruction ID: ed8381327f60e326cde1f0d628b386e4549702b5aed31a8c6e3354852829d0e2
                • Opcode Fuzzy Hash: 60773b6a7c8849c54cb1f66cf3b5c037f7517d62148b0ff4fe72bc0de2000ee7
                • Instruction Fuzzy Hash: BF912671D04209BBEB50DFA4C585BDFBFF8AF48344F24816AF908E6181E7789A45C768
                APIs
                • _strcat.LIBCMT ref: 0043921C
                • _sprintf.LIBCMT ref: 0043936C
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                Strings
                Similarity
                • API ID: AllocatorDebugHeap_sprintf_strcat
                • String ID: %04X$%04X
                • API String ID: 642423276-1309643405
                • Opcode ID: 2837cf3bbd0c03a732f4bed22942a3ec2d3a596fa1256b72b6e985bc9305a1c8
                • Instruction ID: b52c4ba8bcf83e4076334a131e3b5ca91ac3e61219e3428ac1e2f51de4eccbd8
                • Opcode Fuzzy Hash: 2837cf3bbd0c03a732f4bed22942a3ec2d3a596fa1256b72b6e985bc9305a1c8
                • Instruction Fuzzy Hash: B361E4F1C04158A6CF04EFA1EC919BE7B75AF59304F48481FF852911C2E6BC9A15C7A5
                APIs
                • _memset.LIBCMT ref: 0042911B
                  • Part of subcall function 00428B10: _sprintf.LIBCMT ref: 00428B3F
                  • Part of subcall function 00428B10: _sprintf.LIBCMT ref: 00428B84
                  • Part of subcall function 00428B10: _strcat.LIBCMT ref: 00428B9E
                  • Part of subcall function 00428B10: _sprintf.LIBCMT ref: 00428BD4
                  • Part of subcall function 00428B10: _strcat.LIBCMT ref: 00428BEC
                • _memset.LIBCMT ref: 00429050
                Strings
                Similarity
                • API ID: _sprintf$_memset_strcat
                • String ID: !5@$,$]
                • API String ID: 256563259-47671299
                • Opcode ID: 467549b9792054e6058f3165e95a7dd0bd2bbf77365cb29d36caaf77da73739a
                • Instruction ID: 3ec60f26b5578ad6129d0b69aa7ea0ddf0aa303e631ee73ad703b0846ef2f0e1
                • Opcode Fuzzy Hash: 467549b9792054e6058f3165e95a7dd0bd2bbf77365cb29d36caaf77da73739a
                • Instruction Fuzzy Hash: 82717C70E04259EBDB04DFD9D851BFEBBB1BF48308F108089E541AB382D7795A45CBA9
                APIs
                • __EH_prolog3_GS.LIBCMT ref: 0044AA25
                • VariantInit.OLEAUT32(?), ref: 0044AAF4
                • DispCallFunc.OLEAUT32(?,00000000,?,00000000,?,?,00000000,?), ref: 0044AB1C
                • VariantClear.OLEAUT32(?), ref: 0044AB28
                  • Part of subcall function 00449061: _malloc.LIBCMT ref: 00449074
                Strings
                Similarity
                • API ID: Variant$CallClearDispFuncH_prolog3_Init_malloc
                • String ID: p=<u
                • API String ID: 3652649663-894760207
                • Opcode ID: 01e3dff8118030ae6bdfa2630ca5af73fd74d6f963a68f20fded778cb50f880f
                • Instruction ID: 6923951bb1f72a0b864b966631d07e4b158ed5fc7c14334f6fb41ffdf77e6e0b
                • Opcode Fuzzy Hash: 01e3dff8118030ae6bdfa2630ca5af73fd74d6f963a68f20fded778cb50f880f
                • Instruction Fuzzy Hash: 5531DE72400616DAEB10DBA4C941ABFB3A8EF04745F14441FF952F7240E738DE56CBAA
                APIs
                • GetMenuCheckMarkDimensions.USER32 ref: 00447F4F
                • _memset.LIBCMT ref: 00447FC7
                • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0044802A
                • LoadBitmapA.USER32(00000000,00007FE3), ref: 00448042
                Strings
                Similarity
                • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                • String ID:
                • API String ID: 4271682439-3916222277
                • Opcode ID: a705dee44e6004645bf63757607b658837c20497c5614ab8713e1f938127fb7b
                • Instruction ID: 89455f1c3bbf607bf039cade645a7a69149d2ea71dfee5daf92993c068f7b1b2
                • Opcode Fuzzy Hash: a705dee44e6004645bf63757607b658837c20497c5614ab8713e1f938127fb7b
                • Instruction Fuzzy Hash: 98314771A042199BFB20CF29CC85BA97BB4FB44300F4541BBE548EB281DB788E898B54
                APIs
                • __EH_prolog3_GS.LIBCMT ref: 0045BBD2
                • GetObjectA.GDI32(?,0000003C,?), ref: 0045BC25
                • GetDeviceCaps.GDI32(?,0000005A), ref: 0045BC97
                • OleCreateFontIndirect.OLEAUT32(00000020,0048E874), ref: 0045BCC4
                Strings
                Similarity
                • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                • String ID:
                • API String ID: 2429671754-3916222277
                • Opcode ID: 7cb88758f8290e0cc8939719fabe21caf4de70195d4a5030a389ba66a8566b75
                • Instruction ID: a7feaa88ac41cd42dd33097f4a955578505d093f68675674b765e729e986625c
                • Opcode Fuzzy Hash: 7cb88758f8290e0cc8939719fabe21caf4de70195d4a5030a389ba66a8566b75
                • Instruction Fuzzy Hash: BA418074D002489EDB10DFE6C985ADDBBB0FF18304F10412FE859AB292E7785A48CF59
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 00433477
                  • Part of subcall function 00433050: _sprintf.LIBCMT ref: 004330BD
                  • Part of subcall function 00433050: _strcat.LIBCMT ref: 004330D5
                  • Part of subcall function 00433050: _sprintf.LIBCMT ref: 00433147
                  • Part of subcall function 00433050: _memset.LIBCMT ref: 00433192
                Strings
                Similarity
                • API ID: _sprintf$AllocatorDebugHeap_memset_strcat
                • String ID: #E@$'B"4$EF0D2%0.4X$Unable To Set Address
                • API String ID: 680977032-536319441
                • Opcode ID: e9085f83ffc8fda95a908db367f27263fcc20cb43d0d07997735bb2f663129c1
                • Instruction ID: e760681eeba0207de8936b75d94c7365c85ec65df05e821dcd179afc3cb4ce42
                • Opcode Fuzzy Hash: e9085f83ffc8fda95a908db367f27263fcc20cb43d0d07997735bb2f663129c1
                • Instruction Fuzzy Hash: DD21B570D0424CAACB15EFA4C952BEEBBB4AB19314F20416EF551772C1D6785B04CBA9
                APIs
                • LoadResource.KERNEL32(00000000,@A,@A,?,004140E6,00000000), ref: 004141BE
                • LockResource.KERNEL32(00000000), ref: 004141D8
                Strings
                Similarity
                • API ID: Resource$LoadLock
                • String ID: @A$@A
                • API String ID: 1037334470-2649864049
                • Opcode ID: 9651bd1d1994220022ecf60322682174db1c3021f2dff7eeb4d696d9779f9d83
                • Instruction ID: a46f710952c0f88c48d871ca1662d242d009b510da0018254c141872a37309f9
                • Opcode Fuzzy Hash: 9651bd1d1994220022ecf60322682174db1c3021f2dff7eeb4d696d9779f9d83
                • Instruction Fuzzy Hash: AA21B974E00109EFCF04DFA4C584AEEB7B5BB88344F2089A9E816AB204D734AFC1DB55
                APIs
                • RegOpenKeyExA.ADVAPI32(00000002,00000000,00000000,00020006,'B"4,Software\DataIndustrial\,?,00000001), ref: 0043FFDE
                • RegSetValueExA.ADVAPI32('B"4,00000000,00000000,00000003,00000001,00000004,?,00000001), ref: 00440013
                • RegFlushKey.ADVAPI32('B"4,?,00000001), ref: 00440031
                • RegCloseKey.ADVAPI32('B"4,?,00000001), ref: 0044003B
                Strings
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID: 'B"4
                • API String ID: 2510291871-3921257376
                • Opcode ID: e1c3e1fc1480248240580da580a458f13d9a9481445cceeefc2cfff2102a9183
                • Instruction ID: 4c65d5fa4c75592212e5b2dde58bd3e3e8f24af230005fe8534540bc385f461b
                • Opcode Fuzzy Hash: e1c3e1fc1480248240580da580a458f13d9a9481445cceeefc2cfff2102a9183
                • Instruction Fuzzy Hash: 07116374A00208EBDB14DF94D945FAEB7B8BF04300F108169E505AB280CB75EF45DBA5
                APIs
                • SysStringLen.OLEAUT32(00000000), ref: 004534FE
                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0046172C,?,00000018,00461A6A,?,?,?), ref: 00453517
                • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 0045351E
                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,0046172C,?,00000018,00461A6A,?,?,?), ref: 0045353D
                Strings
                Similarity
                • API ID: Byte$CharMultiStringWide$Alloc
                • String ID: P?<up=<u
                • API String ID: 3384502665-951417710
                • Opcode ID: 1b77749753b2e5215f3daf325f7096661109835dd3cfb7947f81aedfba6ea371
                • Instruction ID: 46c916c645b1131f098c700ecbab0db379f73d8a24cf4b5b7662441b7dd096e3
                • Opcode Fuzzy Hash: 1b77749753b2e5215f3daf325f7096661109835dd3cfb7947f81aedfba6ea371
                • Instruction Fuzzy Hash: F0F08C75502128BF9B221FA2DC48CEFBE6CEF8A3E57104026FD0992210D2304E41DAF4
                APIs
                • Sleep.KERNEL32(0000000A,00000003,?,00438471,34224227), ref: 00440999
                • SetCommState.KERNEL32('B"4,'B"4,?,00438471,34224227), ref: 004409BB
                • Sleep.KERNEL32(0000000A,?,00438471,34224227), ref: 004409C3
                • SetCommState.KERNEL32('B"4,'B"4,?,00438471,34224227), ref: 004409E8
                Strings
                Similarity
                • API ID: CommSleepState
                • String ID: 'B"4
                • API String ID: 4009662234-3921257376
                • Opcode ID: 32ccebb9606f19f463747ed6996e877d7f2097795d2b3d0db3490cc80473b88a
                • Instruction ID: df91c084735d15c2f3d2837639194602a9cb7c1d3815bbb5736991e8ceec7b4e
                • Opcode Fuzzy Hash: 32ccebb9606f19f463747ed6996e877d7f2097795d2b3d0db3490cc80473b88a
                • Instruction Fuzzy Hash: 4501E874A00204EFD708CFA8DA85A59B7B9FB49311B2006D8F91997391C730AE409B55
                APIs
                • __EH_prolog3.LIBCMT ref: 00477A69
                • std::bad_exception::bad_exception.LIBCMT ref: 00477A86
                  • Part of subcall function 004779DB: std::runtime_error::runtime_error.LIBCPMTD ref: 004779E6
                • __CxxThrowException@8.LIBCMT ref: 00477A94
                  • Part of subcall function 004652A1: KiUserExceptionDispatcher.NTDLL(000000AC,00000000,00401046,00000000,000000AC,00000000,00000000,?,00401046,00000000), ref: 004652E3
                • std::runtime_error::runtime_error.LIBCPMTD ref: 00477AA5
                  • Part of subcall function 0043D770: std::exception::exception.LIBCMT ref: 0043D79D
                Strings
                • invalid string position, xrefs: 00477A6E
                Similarity
                • API ID: std::runtime_error::runtime_error$DispatcherExceptionException@8H_prolog3ThrowUserstd::bad_exception::bad_exceptionstd::exception::exception
                • String ID: invalid string position
                APIs
                • __getptd.LIBCMT ref: 004694A8
                  • Part of subcall function 0046A39C: __getptd_noexit.LIBCMT ref: 0046A39F
                  • Part of subcall function 0046A39C: __amsg_exit.LIBCMT ref: 0046A3AC
                • __getptd.LIBCMT ref: 004694B9
                • __getptd.LIBCMT ref: 004694C7
                Strings
                Similarity
                • API ID: __getptd$__amsg_exit__getptd_noexit
                • String ID: MOC$csm
                APIs
                • __IsNonwritableInCurrentImage.LIBCMT ref: 00467080
                  • Part of subcall function 004717F0: __FindPESection.LIBCMT ref: 0047184B
                • __getptd_noexit.LIBCMT ref: 00467090
                • __freeptd.LIBCMT ref: 0046709A
                • ExitThread.KERNEL32 ref: 004670A3
                Strings
                Similarity
                • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                • String ID: ~(D
                APIs
                • ___libm_error_support.LIBCMT ref: 00464B35
                  • Part of subcall function 0046F1E7: __decode_pointer.LIBCMT ref: 0046F223
                • __ctrlfp.LIBCMT ref: 0046F4C0
                Similarity
                • API ID: ___libm_error_support__ctrlfp__decode_pointer
                • String ID:
                APIs
                • __EH_prolog3.LIBCMT ref: 0045BD08
                • SendMessageA.USER32(?,00000138,?,?), ref: 0045BD84
                • GetBkColor.GDI32(?), ref: 0045BD8D
                • GetTextColor.GDI32(?), ref: 0045BD99
                • GetThreadLocale.KERNEL32(0000F1C0,00000014), ref: 0045BE2F
                Similarity
                • API ID: Color$H_prolog3LocaleMessageSendTextThread
                • String ID:
                APIs
                • GlobalAlloc.KERNEL32(00000022,?,?,00000020,00000000,34224227), ref: 0043AA11
                  • Part of subcall function 00451280: __EH_prolog3_catch_GS.LIBCMT ref: 0045128A
                Similarity
                • API ID: AllocGlobalH_prolog3_catch_
                • String ID:
                APIs
                • lstrlenW.KERNEL32(00000000,?), ref: 004263C1
                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042640E
                • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 00426420
                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00426441
                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00426482
                Similarity
                • API ID: ByteCharMultiWide$ErrorLastlstrlen
                • String ID:
                APIs
                • __EH_prolog3.LIBCMT ref: 004454A5
                • GetTopWindow.USER32(?), ref: 004454CA
                • GetDlgCtrlID.USER32(00000000), ref: 004454D9
                • SendMessageA.USER32(?,00000087,00000000,00000000), ref: 00445532
                • GetWindow.USER32(00000000,00000002), ref: 00445572
                Similarity
                • API ID: Window$CtrlH_prolog3MessageSend
                • String ID:
                APIs
                • GetMapMode.GDI32(?,?,?,?,?,?,00456111,?,00000000,0000001C,00456A80), ref: 0045E8B7
                • GetDeviceCaps.GDI32(?,00000058), ref: 0045E8F1
                • GetDeviceCaps.GDI32(?,0000005A), ref: 0045E8FA
                  • Part of subcall function 004506C0: MulDiv.KERNEL32(?,00000000,00000000), ref: 00450702
                  • Part of subcall function 004506C0: MulDiv.KERNEL32(?,00000000,00000000), ref: 0045071F
                • MulDiv.KERNEL32(?,000009EC,00000060), ref: 0045E91E
                • MulDiv.KERNEL32(00000000,000009EC,?), ref: 0045E929
                Similarity
                • API ID: CapsDevice$Mode
                • String ID:
                APIs
                • GetMapMode.GDI32(?,00000000,?,?,?,?,00456155,?), ref: 0045E947
                • GetDeviceCaps.GDI32(?,00000058), ref: 0045E981
                • GetDeviceCaps.GDI32(?,0000005A), ref: 0045E98A
                  • Part of subcall function 00450655: MulDiv.KERNEL32(?,00000000,00000000), ref: 00450697
                  • Part of subcall function 00450655: MulDiv.KERNEL32(?,00000000,00000000), ref: 004506B4
                • MulDiv.KERNEL32(?,00000060,000009EC), ref: 0045E9AE
                • MulDiv.KERNEL32(00000000,?,000009EC), ref: 0045E9B9
                Similarity
                • API ID: CapsDevice$Mode
                • String ID:
                APIs
                • lstrlenA.KERNEL32(?,?,?), ref: 004518EB
                • _memset.LIBCMT ref: 00451908
                • GetWindowTextA.USER32(00000000,00000000,00000100), ref: 00451922
                • lstrcmpA.KERNEL32(00000000,?,?,?), ref: 00451934
                • SetWindowTextA.USER32(00000000,?), ref: 00451940
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Similarity
                • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                • String ID:
                APIs
                • __getptd.LIBCMT ref: 0046D789
                  • Part of subcall function 0046A39C: __getptd_noexit.LIBCMT ref: 0046A39F
                  • Part of subcall function 0046A39C: __amsg_exit.LIBCMT ref: 0046A3AC
                • __amsg_exit.LIBCMT ref: 0046D7A9
                • __lock.LIBCMT ref: 0046D7B9
                • InterlockedDecrement.KERNEL32(?), ref: 0046D7D6
                • InterlockedIncrement.KERNEL32(02521660), ref: 0046D801
                Similarity
                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                • String ID:
                APIs
                • __lock.LIBCMT ref: 00464E29
                  • Part of subcall function 0046F85D: __mtinitlocknum.LIBCMT ref: 0046F873
                  • Part of subcall function 0046F85D: __amsg_exit.LIBCMT ref: 0046F87F
                  • Part of subcall function 0046F85D: EnterCriticalSection.KERNEL32(0040101D,0040101D,?,004703D5,00000004,004990D8,0000000C,0046F5DB,00000078,0040102C,00000000,00000000,00000000,?,0046A34E,00000001), ref: 0046F887
                • ___sbh_find_block.LIBCMT ref: 00464E34
                • ___sbh_free_block.LIBCMT ref: 00464E43
                • HeapFree.KERNEL32(00000000,00000078,00498D20,0000000C,0046F83E,00000000,004990B8,0000000C,0046F878,00000078,0040101D,?,004703D5,00000004,004990D8,0000000C), ref: 00464E73
                • GetLastError.KERNEL32(?,004703D5,00000004,004990D8,0000000C,0046F5DB,00000078,0040102C,00000000,00000000,00000000,?,0046A34E,00000001,00000214), ref: 00464E84
                Similarity
                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                • String ID:
                APIs
                • TlsFree.KERNEL32(?,?,?,00452678), ref: 0045263A
                • GlobalHandle.KERNEL32(?), ref: 00452648
                • GlobalUnlock.KERNEL32(00000000), ref: 00452651
                • GlobalFree.KERNEL32(00000000), ref: 00452658
                • DeleteCriticalSection.KERNEL32(?,?,?,00452678), ref: 00452662
                  • Part of subcall function 0045245C: EnterCriticalSection.KERNEL32(?), ref: 004524BB
                  • Part of subcall function 0045245C: LeaveCriticalSection.KERNEL32(?), ref: 004524CB
                  • Part of subcall function 0045245C: LocalFree.KERNEL32(?), ref: 004524D4
                  • Part of subcall function 0045245C: TlsSetValue.KERNEL32(?,00000000), ref: 004524E6
                Similarity
                • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                • String ID:
                APIs
                  • Part of subcall function 004686E1: _doexit.LIBCMT ref: 004686ED
                • ___set_flsgetvalue.LIBCMT ref: 004670F1
                  • Part of subcall function 0046A1AE: TlsGetValue.KERNEL32(00000078,0046A33A,?,00000078,00467B7D,0046774F,?,x'B"4,00441427,x'B"4,?,?,004028BC,x'B"4,?,0040102C), ref: 0046A1B7
                  • Part of subcall function 0046A1AE: __decode_pointer.LIBCMT ref: 0046A1C9
                  • Part of subcall function 0046A1AE: TlsSetValue.KERNEL32(00000000,00000078,00467B7D,0046774F,?,x'B"4,00441427,x'B"4,?,?,004028BC,x'B"4,?,0040102C,00000078,34224227), ref: 0046A1D8
                • ___fls_getvalue@4.LIBCMT ref: 004670FC
                  • Part of subcall function 0046A18E: TlsGetValue.KERNEL32(?,?,00467101,00000000), ref: 0046A19C
                • ___fls_setvalue@8.LIBCMT ref: 0046710F
                  • Part of subcall function 0046A1E2: __decode_pointer.LIBCMT ref: 0046A1F3
                • GetLastError.KERNEL32(00000000,?,00000000), ref: 00467118
                • ExitThread.KERNEL32 ref: 0046711F
                • GetCurrentThreadId.KERNEL32 ref: 00467125
                • __freefls@4.LIBCMT ref: 00467145
                • __IsNonwritableInCurrentImage.LIBCMT ref: 00467158
                Similarity
                • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                • String ID:
                APIs
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB03
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB17
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB2B
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB3F
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB53
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB67
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB7B
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042AB8F
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABA3
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABB7
                  • Part of subcall function 0042AAF0: _strcat.LIBCMT ref: 0042ABCE
                • SafeRWList.LIBCMTD ref: 00404CA6
                  • Part of subcall function 00405700: LoadBitmapA.USER32(00000000,?), ref: 00405723
                Strings
                Similarity
                • API ID: _strcat$BitmapListLoadSafe
                • String ID: %0.0f$%0.0f$%0.2f
                Strings
                Similarity
                • API ID: CtrlFocus
                • String ID: %0.6f$V
                • API String ID: 1223567573-2425903621
                Strings
                Similarity
                • API ID: Focus
                • String ID: %0.6f$>
                • API String ID: 2734777837-3555832687
                Strings
                Similarity
                • API ID: Focus
                • String ID: %0.6f$>
                • API String ID: 2734777837-3555832687
                APIs
                • EnumPortsA.WINSPOOL.DRV(00000000,00000001,00000000,00000000,00000000,00000000), ref: 00427036
                • EnumPortsA.WINSPOOL.DRV(00000000,00000001,?,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00427067
                • _strlen.LIBCMT ref: 0042709F
                Strings
                Similarity
                • API ID: EnumPorts$_strlen
                • String ID: COM
                • API String ID: 2944935944-4061234284
                APIs
                  • Part of subcall function 00441BDB: __EH_prolog3_catch.LIBCMT ref: 00441BE2
                  • Part of subcall function 00441BDB: FindResourceA.KERNEL32(?,?,00000005), ref: 00441C15
                  • Part of subcall function 00441BDB: LoadResource.KERNEL32(?,00000000), ref: 00441C1D
                  • Part of subcall function 00441BDB: LockResource.KERNEL32(?,00000024,004070BD,34224227), ref: 00441C2E
                • std::bad_exception::~bad_exception.LIBCMTD ref: 00424B85
                  • Part of subcall function 0044C6AB: __EH_prolog3.LIBCMT ref: 0044C6B2
                  • Part of subcall function 004260D0: SysFreeString.OLEAUT32(?), ref: 004260DD
                Strings
                Similarity
                • API ID: Resource$FindFreeH_prolog3H_prolog3_catchLoadLockStringstd::bad_exception::~bad_exception
                • String ID: 'B"4$N2Address$Target N2 Addr is %d (<a href="#" id="ButtonChangeN2Address">Change</a>)&nbsp;&nbsp; <a href="#" id="ButtonN2AdvancedSettings"> N2 Advanced Settings</a>
                • API String ID: 3877251721-3572533329
                APIs
                  • Part of subcall function 00440990: Sleep.KERNEL32(0000000A,00000003,?,00438471,34224227), ref: 00440999
                  • Part of subcall function 00440990: SetCommState.KERNEL32('B"4,'B"4,?,00438471,34224227), ref: 004409BB
                  • Part of subcall function 00440990: Sleep.KERNEL32(0000000A,?,00438471,34224227), ref: 004409C3
                  • Part of subcall function 00440990: SetCommState.KERNEL32('B"4,'B"4,?,00438471,34224227), ref: 004409E8
                  • Part of subcall function 00413FC0: _DebugHeapAllocator.LIBCPMTD ref: 00414015
                  • Part of subcall function 00438E40: Sleep.KERNEL32(000001F4,000000FF,00000001,34224227,000000FF), ref: 00438E9D
                  • Part of subcall function 00438E40: Sleep.KERNEL32(00000032,000000FF,00000001,00000000), ref: 00438F4D
                • _memset.LIBCMT ref: 004383AD
                • _strncpy.LIBCMT ref: 004383D9
                Strings
                Similarity
                • API ID: Sleep$CommState$AllocatorDebugHeap_memset_strncpy
                • String ID: >$350WSv
                • API String ID: 3055410610-994709992
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020019,?,34224227), ref: 0043F995
                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000003,?,0000003C), ref: 0043F9D5
                • RegCloseKey.ADVAPI32(?), ref: 0043F9EA
                Strings
                Similarity
                • API ID: CloseOpenQueryValue
                • String ID: <
                • API String ID: 3677997916-4251816714
                APIs
                • _memset.LIBCMT ref: 004016AB
                • _memset.LIBCMT ref: 004016F2
                • _strncpy.LIBCMT ref: 0040170F
                • _memset.LIBCMT ref: 004017A8
                • _memset.LIBCMT ref: 00401834
                • _DebugHeapAllocator.LIBCPMTD ref: 004018C1
                • Sleep.KERNEL32(00000064,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000100,00000004), ref: 004018EE
                  • Part of subcall function 00402930: SendMessageA.USER32(?,00000180,00000000,004013A8), ref: 00402949
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                Strings
                • Error Reading - Readback Halted!, xrefs: 00401720
                Similarity
                • API ID: _memset$AllocatorDebugEnableHeapItemMessageSendSleepWindow_strncpy
                • String ID: Error Reading - Readback Halted!
                • API String ID: 2025228377-132749742
                APIs
                • _memset.LIBCMT ref: 00401409
                • _memset.LIBCMT ref: 00401450
                • _strncpy.LIBCMT ref: 0040146D
                • _memset.LIBCMT ref: 00401500
                • _memset.LIBCMT ref: 00401587
                • _DebugHeapAllocator.LIBCPMTD ref: 00401614
                • Sleep.KERNEL32(00000064,00000000,'B"4,?,?,?,?,?,?,?,?,?,?,00000100,00000004), ref: 00401641
                  • Part of subcall function 00402930: SendMessageA.USER32(?,00000180,00000000,004013A8), ref: 00402949
                  • Part of subcall function 00448140: GetDlgItem.USER32(00441920,?), ref: 00448151
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                • _memset.LIBCMT ref: 004016AB
                • _memset.LIBCMT ref: 004016F2
                • _strncpy.LIBCMT ref: 0040170F
                Strings
                • Error Reading - Readback Halted!, xrefs: 0040147E
                Similarity
                • API ID: _memset$_strncpy$AllocatorDebugEnableHeapItemMessageSendSleepWindow
                • String ID: Error Reading - Readback Halted!
                • API String ID: 772255215-132749742
                APIs
                  • Part of subcall function 00441BDB: __EH_prolog3_catch.LIBCMT ref: 00441BE2
                  • Part of subcall function 00441BDB: FindResourceA.KERNEL32(?,?,00000005), ref: 00441C15
                  • Part of subcall function 00441BDB: LoadResource.KERNEL32(?,00000000), ref: 00441C1D
                  • Part of subcall function 00441BDB: LockResource.KERNEL32(?,00000024,004070BD,34224227), ref: 00441C2E
                • std::bad_exception::~bad_exception.LIBCMTD ref: 00424B85
                  • Part of subcall function 0044C6AB: __EH_prolog3.LIBCMT ref: 0044C6B2
                  • Part of subcall function 004260D0: SysFreeString.OLEAUT32(?), ref: 004260DD
                Strings
                Similarity
                • API ID: Resource$FindFreeH_prolog3H_prolog3_catchLoadLockStringstd::bad_exception::~bad_exception
                • String ID: 'B"4$N2Address$Target N2 Addr is %d (<a href="#" id="ButtonChangeN2Address">Change</a>)&nbsp;&nbsp; <a href="#" id="ButtonN2AdvancedSettings"> N2 Advanced Settings</a>
                • API String ID: 3877251721-3572533329
                APIs
                Strings
                Similarity
                • API ID: _strncmp
                • String ID: ASCII$RTU
                • API String ID: 909875538-2040530475
                APIs
                Strings
                Similarity
                • API ID: _memset$_strcat
                • String ID:
                • API String ID: 3890841777-3916222277
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 00428408
                  • Part of subcall function 004284A0: __mbstowcs_l.LIBCMTD ref: 004284CE
                  • Part of subcall function 004284A0: __mbstowcs_l.LIBCMTD ref: 004284E9
                • _DebugHeapAllocator.LIBCPMTD ref: 0042844A
                Strings
                Similarity
                • API ID: AllocatorDebugHeap__mbstowcs_l
                • String ID: 'B"4$'B"4
                • API String ID: 926563806-1347724834
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 0040EE45
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 0040EE72
                Strings
                Similarity
                • API ID: AllocatorDebugHeap
                • String ID: absolute$energy
                • API String ID: 571936431-2123794115
                APIs
                • SysStringLen.OLEAUT32(?), ref: 0045355B
                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00453574
                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0045358D
                Strings
                Similarity
                • API ID: ByteCharMultiWide$String
                • String ID: P?<up=<u
                • API String ID: 1441863543-951417710
                APIs
                  • Part of subcall function 0045271F: EnterCriticalSection.KERNEL32(004A0FB0,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452759
                  • Part of subcall function 0045271F: InitializeCriticalSection.KERNEL32(-004A0E18,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 0045276B
                  • Part of subcall function 0045271F: LeaveCriticalSection.KERNEL32(004A0FB0,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452778
                  • Part of subcall function 0045271F: EnterCriticalSection.KERNEL32(-004A0E18,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452788
                  • Part of subcall function 0045202B: __EH_prolog3_catch.LIBCMT ref: 00452032
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 00445CC6
                • FreeLibrary.KERNEL32(?), ref: 00445CD6
                Strings
                Similarity
                • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                • String ID: HtmlHelpA$hhctrl.ocx
                • API String ID: 3274081130-63838506
                APIs
                • ___BuildCatchObject.LIBCMT ref: 00469AFF
                  • Part of subcall function 00469A5A: ___BuildCatchObjectHelper.LIBCMT ref: 00469A90
                • _UnwindNestedFrames.LIBCMT ref: 00469B16
                • ___FrameUnwindToState.LIBCMT ref: 00469B24
                Strings
                Similarity
                • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                • String ID: csm
                • API String ID: 2163707966-1018135373
                APIs
                • GetModuleHandleA.KERNEL32(?), ref: 00452ACB
                • GetProcAddress.KERNEL32(00000000,AfxmReleaseManagedReferences), ref: 00452ADB
                Strings
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: AfxmReleaseManagedReferences$mfcm90.dll
                • API String ID: 1646373207-1752160237
                APIs
                • GetModuleHandleA.KERNEL32(KERNEL32,00463A59), ref: 0046B6E7
                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0046B6F7
                Strings
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: IsProcessorFeaturePresent$KERNEL32
                • API String ID: 1646373207-3105848591
                APIs
                • __EH_prolog3.LIBCMT ref: 0045EDEC
                  • Part of subcall function 00441404: _malloc.LIBCMT ref: 00441422
                • __CxxThrowException@8.LIBCMT ref: 0045EE25
                  • Part of subcall function 0045158A: __EH_prolog3.LIBCMT ref: 00451591
                  • Part of subcall function 0045158A: _DebugHeapAllocator.LIBCPMTD ref: 004515C5
                Strings
                Similarity
                • API ID: H_prolog3$AllocatorDebugException@8HeapThrow_malloc
                • String ID: 'B"4$'B"4
                • API String ID: 1785623389-1347724834
                APIs
                • _fabs.LIBCMT ref: 00433AB9
                  • Part of subcall function 0046478C: __ctrlfp.LIBCMT ref: 004647A5
                  • Part of subcall function 0046478C: __except1.LIBCMT ref: 004647F0
                • _fabs.LIBCMT ref: 00433AE4
                • _fabs.LIBCMT ref: 00433B5D
                  • Part of subcall function 0046478C: __ctrlfp.LIBCMT ref: 0046480D
                • _fabs.LIBCMT ref: 00433B8E
                  • Part of subcall function 0046478C: __ctrlfp.LIBCMT ref: 0046481B
                Similarity
                • API ID: _fabs$__ctrlfp$__except1
                • String ID:
                • API String ID: 2681160250-0
                APIs
                • IsWindowVisible.USER32(?), ref: 00459915
                • GetDesktopWindow.USER32 ref: 00459925
                • GetWindowRect.USER32(?,?), ref: 0045993E
                • GetWindowRect.USER32(?,?), ref: 0045994A
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Similarity
                • API ID: Window$Rect$DesktopException@8ThrowVisible
                • String ID:
                • API String ID: 719863476-0
                APIs
                • _memset.LIBCMT ref: 0045F0E3
                  • Part of subcall function 004480C1: __cftof.LIBCMT ref: 004480D2
                • GetFileTime.KERNEL32(?,?,?,?), ref: 0045F11A
                • GetFileSizeEx.KERNEL32(?,?), ref: 0045F132
                Similarity
                • API ID: File$SizeTime__cftof_memset
                • String ID:
                • API String ID: 2749391713-0
                APIs
                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00448821
                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00448886
                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004488CB
                • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 004488F4
                Similarity
                • API ID: MessageSend
                • String ID:
                • API String ID: 3850602802-0
                APIs
                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00475780
                • __isleadbyte_l.LIBCMT ref: 004757B4
                • MultiByteToWideChar.KERNEL32(00000080,00000009,0046407B,?,00000000,00000000,?,?,?,?,0046407B,00000000,?), ref: 004757E5
                • MultiByteToWideChar.KERNEL32(00000080,00000009,0046407B,00000001,00000000,00000000,?,?,?,?,0046407B,00000000,?), ref: 00475853
                Similarity
                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                • String ID:
                • API String ID: 3058430110-0
                APIs
                Similarity
                • API ID: __msize_malloc
                • String ID:
                • API String ID: 1288803200-0
                APIs
                • VariantClear.OLEAUT32(?), ref: 004541E3
                • SafeArrayCreate.OLEAUT32(?,?,00000000), ref: 004541EE
                • SafeArrayGetElemsize.OLEAUT32(00000000), ref: 0045420D
                  • Part of subcall function 00449471: __CxxThrowException@8.LIBCMT ref: 00449487
                • SafeArrayGetElemsize.OLEAUT32(?), ref: 00454265
                Similarity
                • API ID: ArraySafe$Elemsize$ClearCreateException@8ThrowVariant
                • String ID:
                • API String ID: 430961931-0
                APIs
                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,34224227), ref: 00425FC8
                • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00425FEC
                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?), ref: 00426011
                • SysFreeString.OLEAUT32(00000000), ref: 00426026
                Similarity
                • API ID: ByteCharMultiStringWide$AllocFree
                • String ID:
                • API String ID: 447844807-0
                APIs
                  • Part of subcall function 004404F0: GetObjectA.GDI32(00000000,0000003C,?), ref: 00440504
                • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020006,?,?,34224227), ref: 00440223
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,0000003C), ref: 0044025F
                • RegFlushKey.ADVAPI32(?), ref: 0044027D
                • RegCloseKey.ADVAPI32(?), ref: 00440287
                Similarity
                • API ID: CloseFlushObjectOpenValue
                • String ID:
                • API String ID: 1049847542-0
                APIs
                • GetTopWindow.USER32(?), ref: 0045DA10
                  • Part of subcall function 004485EB: GetWindow.USER32(?,?), ref: 004485F7
                • GetParent.USER32(?), ref: 0045D998
                • GetWindowLongA.USER32(?,000000EC), ref: 0045D9D2
                • IsWindowVisible.USER32(?), ref: 0045D9EB
                Similarity
                • API ID: Window$LongParentVisible
                • String ID:
                • API String ID: 506644340-0
                APIs
                • CharNextA.USER32(?), ref: 0045AC1F
                  • Part of subcall function 0046906D: __ismbcspace_l.LIBCMT ref: 00469077
                • CharNextA.USER32(00000000), ref: 0045AC3C
                • __wcstoi64.LIBCMT ref: 0045AC67
                • __wcstoui64.LIBCMT ref: 0045AC6E
                  • Part of subcall function 00468224: strtoxl.LIBCMT ref: 00468246
                Similarity
                • API ID: CharNext$__ismbcspace_l__wcstoi64__wcstoui64strtoxl
                • String ID:
                • API String ID: 1826523842-0
                APIs
                Similarity
                • API ID: ArrayDestroyFreeSafeTask
                • String ID:
                • API String ID: 3253174383-0
                APIs
                • RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,000F003F,00000000,?,00000000,34224227), ref: 0043EB3B
                • RegFlushKey.ADVAPI32(?), ref: 0043EB6D
                • RegCloseKey.ADVAPI32(?), ref: 0043EB77
                • _DebugHeapAllocator.LIBCPMTD ref: 0043EB87
                Similarity
                • API ID: AllocatorCloseCreateDebugFlushHeap
                • String ID:
                • API String ID: 2969613702-0
                APIs
                • __EH_prolog3.LIBCMT ref: 00448E9F
                  • Part of subcall function 00441404: _malloc.LIBCMT ref: 00441422
                • __CxxThrowException@8.LIBCMT ref: 00448ED5
                • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,8007000E,00000000,00000000,00000000,?,8007000E,00496914,00000004,0040287C,8007000E), ref: 00448F00
                  • Part of subcall function 004480C1: __cftof.LIBCMT ref: 004480D2
                • LocalFree.KERNEL32(8007000E,8007000E), ref: 00448F29
                Similarity
                • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                • String ID:
                • API String ID: 1808948168-0
                APIs
                • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00441967
                • LoadResource.KERNEL32(?,00000000), ref: 0044196F
                • LockResource.KERNEL32(00000000), ref: 00441981
                • FreeResource.KERNEL32(00000000), ref: 004419CF
                Similarity
                • API ID: Resource$FindFreeLoadLock
                • String ID:
                • API String ID: 1078018258-0
                APIs
                • __EH_prolog3.LIBCMT ref: 0044DDB8
                  • Part of subcall function 0044E611: __EH_prolog3.LIBCMT ref: 0044E618
                • __strdup.LIBCMT ref: 0044DDDA
                • GetCurrentThread.KERNEL32 ref: 0044DE07
                • GetCurrentThreadId.KERNEL32 ref: 0044DE10
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CurrentH_prolog3Thread$__strdup
                • String ID:
                • API String ID: 4206445780-0
                APIs
                • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00446791
                • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 004467BC
                • GetCapture.USER32 ref: 004467CE
                • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 004467DD
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: MessageSend$Capture
                • String ID:
                • API String ID: 1665607226-0
                APIs
                • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 0044F15F
                • RegCloseKey.ADVAPI32(00000000), ref: 0044F168
                • swprintf.LIBCMT ref: 0044F185
                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0044F196
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: ClosePrivateProfileStringValueWriteswprintf
                • String ID:
                • API String ID: 22681860-0
                APIs
                • FindResourceA.KERNEL32(?,?,000000F0), ref: 0044F6D9
                • LoadResource.KERNEL32(?,00000000), ref: 0044F6E5
                • LockResource.KERNEL32(00000000), ref: 0044F6F3
                • FreeResource.KERNEL32(00000000), ref: 0044F721
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Resource$FindFreeLoadLock
                • String ID:
                • API String ID: 1078018258-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0044008E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000004), ref: 004400C3
                • RegFlushKey.ADVAPI32(?), ref: 004400E1
                • RegCloseKey.ADVAPI32(?), ref: 004400EB
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0044013E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000004), ref: 00440173
                • RegFlushKey.ADVAPI32(?), ref: 00440191
                • RegCloseKey.ADVAPI32(?), ref: 0044019B
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 004402EE
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000008), ref: 00440323
                • RegFlushKey.ADVAPI32(?), ref: 00440341
                • RegCloseKey.ADVAPI32(?), ref: 0044034B
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0044039E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000008), ref: 004403D3
                • RegFlushKey.ADVAPI32(?), ref: 004403F1
                • RegCloseKey.ADVAPI32(?), ref: 004403FB
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0044044E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000010), ref: 00440483
                • RegFlushKey.ADVAPI32(?), ref: 004404A1
                • RegCloseKey.ADVAPI32(?), ref: 004404AB
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0043FC7E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000004), ref: 0043FCB3
                • RegFlushKey.ADVAPI32(?), ref: 0043FCD1
                • RegCloseKey.ADVAPI32(?), ref: 0043FCDB
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0043FD2E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,0000000C), ref: 0043FD63
                • RegFlushKey.ADVAPI32(?), ref: 0043FD81
                • RegCloseKey.ADVAPI32(?), ref: 0043FD8B
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020006,?), ref: 0043FF2E
                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000008), ref: 0043FF63
                • RegFlushKey.ADVAPI32(?), ref: 0043FF81
                • RegCloseKey.ADVAPI32(?), ref: 0043FF8B
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CloseFlushOpenValue
                • String ID:
                • API String ID: 2510291871-0
                APIs
                  • Part of subcall function 00441404: _malloc.LIBCMT ref: 00441422
                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004511CB
                • GetCurrentProcess.KERNEL32(?,00000000), ref: 004511D1
                • DuplicateHandle.KERNEL32(00000000), ref: 004511D4
                • GetLastError.KERNEL32(?), ref: 004511EF
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                • String ID:
                • API String ID: 3704204646-0
                APIs
                • WindowFromPoint.USER32(?,?), ref: 00460C75
                • GetParent.USER32(00000000), ref: 00460C83
                • ScreenToClient.USER32(00000000,?), ref: 00460CA4
                • IsWindowEnabled.USER32(00000000), ref: 00460CBD
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Window$ClientEnabledFromParentPointScreen
                • String ID:
                • API String ID: 1871804413-0
                APIs
                • GetTopWindow.USER32(00000000), ref: 00445330
                • GetTopWindow.USER32(00000000), ref: 0044536F
                • GetWindow.USER32(00000000,00000002), ref: 0044538D
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Window
                • String ID:
                • API String ID: 2353593579-0
                APIs
                • GetDlgItem.USER32(?,?), ref: 00444B5D
                • GetTopWindow.USER32(00000000), ref: 00444B70
                  • Part of subcall function 00444B50: GetWindow.USER32(00000000,00000002), ref: 00444BB7
                • GetTopWindow.USER32(?), ref: 00444BA0
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Window$Item
                • String ID:
                • API String ID: 369458955-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                • String ID:
                • API String ID: 3016257755-0
                APIs
                  • Part of subcall function 00448273: GetWindowLongA.USER32(?,000000F0), ref: 0044827E
                • GetParent.USER32(?), ref: 0044C7C0
                • IsZoomed.USER32(00000000), ref: 0044C7C7
                • GetSystemMetrics.USER32(00000005), ref: 0044C7EF
                • GetSystemMetrics.USER32(00000002), ref: 0044C7FD
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: MetricsSystem$LongParentWindowZoomed
                • String ID:
                • API String ID: 3909876373-0
                APIs
                • FindResourceA.KERNEL32(?,?,000000F0), ref: 00447961
                • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,004418F8,?,?,00401131), ref: 0044796D
                • LockResource.KERNEL32(00000000,?,?,?,?,?,004418F8,?,?,00401131), ref: 0044797A
                • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,004418F8,?,?,00401131), ref: 00447996
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Resource$FindFreeLoadLock
                • String ID:
                • API String ID: 1078018258-0
                APIs
                • GetObjectA.GDI32(00000000,0000000C,?), ref: 00442EDB
                • SetBkColor.GDI32(00000000,00000000), ref: 00442EE7
                • GetSysColor.USER32(00000008), ref: 00442EF7
                • SetTextColor.GDI32(00000000,?), ref: 00442F01
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Color$ObjectText
                • String ID:
                • API String ID: 829078354-0
                • Opcode ID: d6cca2b667d14408dce1112a199f84e82323b14b6a32b31c22e5b54967bf1584
                • Instruction ID: 22c3ba557099a1f739f4f9fda452b10b483faf52241d0a4daa318c9bfe8de4dc
                • Opcode Fuzzy Hash: d6cca2b667d14408dce1112a199f84e82323b14b6a32b31c22e5b54967bf1584
                • Instruction Fuzzy Hash: 99018B30001009ABEF215F65DE48AAB3B79EF04305FD04622FE06C11E0E7B4CC98EA69
                APIs
                • SetEvent.KERNEL32(000000C0), ref: 0043B9EB
                • WaitForSingleObject.KERNEL32(C181DC4D,00001388), ref: 0043BA0C
                • CloseHandle.KERNEL32(C181DC4D), ref: 0043BA1C
                • ResetEvent.KERNEL32(000000C0), ref: 0043BA39
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Event$CloseHandleObjectResetSingleWait
                • String ID:
                • API String ID: 3023640180-0
                • Opcode ID: 6fc27ef8ec7e12c8e97cc5b03a58a9b0b138a831e77e7550e19ee395bd35361c
                • Instruction ID: d2caf99b2a2f3368dc0201f09de4f337252b28f0a82007450f0e93aae4e38998
                • Opcode Fuzzy Hash: 6fc27ef8ec7e12c8e97cc5b03a58a9b0b138a831e77e7550e19ee395bd35361c
                • Instruction Fuzzy Hash: F901E974600204EFDB04CF94D588B9AB7B9FB49304F2482E8E9489B352CB366E85EB41
                APIs
                • EnableWindow.USER32(?,00000001), ref: 00441D63
                • GetActiveWindow.USER32 ref: 00441D6E
                • SetActiveWindow.USER32(?,?,00000024,004070BD,34224227), ref: 00441D7C
                • FreeResource.KERNEL32(?,?,00000024,004070BD,34224227), ref: 00441D98
                  • Part of subcall function 004483E3: EnableWindow.USER32(?,00000478), ref: 004483F4
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Window$ActiveEnable$FreeResource
                • String ID:
                • API String ID: 253586258-0
                • Opcode ID: 1972d6b5a1620f655cc531b2313acaa208464392ed64e2ed32ec6abc493a11b8
                • Instruction ID: 18f1f1804d05eebf3b6efdfa844586f1bf9114b9e569e8347711c4d15e390c4a
                • Opcode Fuzzy Hash: 1972d6b5a1620f655cc531b2313acaa208464392ed64e2ed32ec6abc493a11b8
                • Instruction Fuzzy Hash: E6F04F74A00608DFEF21AF95C8455AEB7B1BF48709B60056AE44672271DB3A6DC0CF59
                APIs
                • __getptd.LIBCMT ref: 0046DEF5
                  • Part of subcall function 0046A39C: __getptd_noexit.LIBCMT ref: 0046A39F
                  • Part of subcall function 0046A39C: __amsg_exit.LIBCMT ref: 0046A3AC
                • __getptd.LIBCMT ref: 0046DF0C
                • __amsg_exit.LIBCMT ref: 0046DF1A
                • __lock.LIBCMT ref: 0046DF2A
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                • String ID:
                • API String ID: 3521780317-0
                • Opcode ID: 9787f2414c43562989b5c9953008201115c6a4f4d871b325c87786ec90d2af20
                • Instruction ID: 81f0597d864be6a3730a8b09a8f036ce3be67d807c05f5d6b277957530cbd077
                • Opcode Fuzzy Hash: 9787f2414c43562989b5c9953008201115c6a4f4d871b325c87786ec90d2af20
                • Instruction Fuzzy Hash: 5EF06D32E447008BE725FBBA880274D73A0AB44728F10466FE452AB3C1FB3C69058A5F
                APIs
                • GetTickCount.KERNEL32 ref: 0046052B
                • GetTickCount.KERNEL32 ref: 00460538
                • CoFreeUnusedLibraries.OLE32 ref: 00460547
                • GetTickCount.KERNEL32 ref: 0046054D
                  • Part of subcall function 004604AA: CoFreeUnusedLibraries.OLE32 ref: 004604F2
                  • Part of subcall function 004604AA: OleUninitialize.OLE32 ref: 004604F8
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                • String ID:
                • API String ID: 685759847-0
                • Opcode ID: 4ebc92920bad6fa078a17a69d7141ad437e2ac2bc4a0e7cfe4306d03b0b2639b
                • Instruction ID: 418ed486388e34664265c63ea5a3656f0fe23c6c74371c2d4f81564e07f15a86
                • Opcode Fuzzy Hash: 4ebc92920bad6fa078a17a69d7141ad437e2ac2bc4a0e7cfe4306d03b0b2639b
                • Instruction Fuzzy Hash: FDE06531804158DBCB10EF65EC087573B68EB55310F508433D41592530E7B898A0CF6F
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CtrlFocus
                • String ID: %0.6f
                • API String ID: 1223567573-540447034
                • Opcode ID: 2aefa231c3ab3f7e4ef51a50e084bf66ddee8341fba06753d91b36a2a9f0f44f
                • Instruction ID: cd9e442c4a0dc3089fa3a1182e591772cbd20a7872be872b88f7bd2336090e47
                • Opcode Fuzzy Hash: 2aefa231c3ab3f7e4ef51a50e084bf66ddee8341fba06753d91b36a2a9f0f44f
                • Instruction Fuzzy Hash: D6914070D00208EBDB14DF95C885AEDBBB5BF48305F10812EE519AB252DB79AEC5CF49
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Focus
                • String ID: %0.6f
                • API String ID: 2734777837-540447034
                • Opcode ID: 8c5bc9fe2daef28becb3b158fd6f7fc880722d4aa4ba6ac9513cd9f11a892ca3
                • Instruction ID: f021d23024c082cf29c59c9be34fb3c883b84c3cdda6e836c819c2114325c017
                • Opcode Fuzzy Hash: 8c5bc9fe2daef28becb3b158fd6f7fc880722d4aa4ba6ac9513cd9f11a892ca3
                • Instruction Fuzzy Hash: B3913071D04208DBDB14EFE5D881ADDBBB5BF44305F20812EE51A6B292DB78AD85CF48
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Focus
                • String ID: %0.6f
                • API String ID: 2734777837-540447034
                • Opcode ID: bd5adc6e3505d8ecd492a9a0e1fad95a200cbb5a4f4cf01e5e8b49d818d9844b
                • Instruction ID: 39c324e16a0c21d00d20b671c2c5967f1de71ee12736ab6ef607e8b4b2595937
                • Opcode Fuzzy Hash: bd5adc6e3505d8ecd492a9a0e1fad95a200cbb5a4f4cf01e5e8b49d818d9844b
                • Instruction Fuzzy Hash: 72915D71D04208EBDB14DFA4D8809DDBBB5BF48305F20816EF5096B252DB389D86CF59
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Focus
                • String ID: %0.6f
                • API String ID: 2734777837-540447034
                • Opcode ID: 7d29c965fa6800205643309780797180631b25bbec3bfabd721ade004b19fdaf
                • Instruction ID: 385720688bb15922707a8c4b2537c34f892ee5a3c2b1389f381630f15444efa7
                • Opcode Fuzzy Hash: 7d29c965fa6800205643309780797180631b25bbec3bfabd721ade004b19fdaf
                • Instruction Fuzzy Hash: 4A915F70D00208DBDB14EFA5D88599DB7B5FF44305F20812EE5097B292DB38AE85CF89
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Focus
                • String ID: %0.6f
                • API String ID: 2734777837-540447034
                • Opcode ID: a3b39858d568469023975e6de9d0849bf0ac1556b7eaf72d6e43609158f48ccc
                • Instruction ID: 542585c3fff4ce5e5910af23fb6481879e5c664a9b761dacd9a0e92933054f21
                • Opcode Fuzzy Hash: a3b39858d568469023975e6de9d0849bf0ac1556b7eaf72d6e43609158f48ccc
                • Instruction Fuzzy Hash: C5912C71D00208DBDB24DF95D881ADDBBB5BB48305F20813FE5096B292DB79AD85CF89
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Focus
                • String ID: %0.6f
                • API String ID: 2734777837-540447034
                • Opcode ID: 077955cf399e93a8e060d7a9a773ff56251ce646531b86a154216c067bc0c62a
                • Instruction ID: b4ec9d5a67bffef42bebd4c95db4439399e5293ea1ce49681936ae83898e3ddd
                • Opcode Fuzzy Hash: 077955cf399e93a8e060d7a9a773ff56251ce646531b86a154216c067bc0c62a
                • Instruction Fuzzy Hash: 62914C71D40208EBDB14EF95DCC59EDB7B6AF44305F20812EE4196B292DB38AD85CF48
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: Focus
                • String ID: %0.6f
                • API String ID: 2734777837-540447034
                • Opcode ID: 407c350ee3defb199f05a6227588a1c5df85678f7185de25f5164f50870981b0
                • Instruction ID: ca9afd17eb7a5797c9f86b74277622a71cc9b6993cab226c1805b9dc8553f077
                • Opcode Fuzzy Hash: 407c350ee3defb199f05a6227588a1c5df85678f7185de25f5164f50870981b0
                • Instruction Fuzzy Hash: B0914171D00208DBDB14DF95D8919EEB7B6FF44305F20812EE40A6B291DB39AE95CF49
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: ClearVariant
                • String ID: (
                • API String ID: 1473721057-3887548279
                • Opcode ID: b623d79182e3de9986508132b18e65e81cbfc82a74d7b39d7360c053f1bdea5e
                • Instruction ID: afc4c06120ae38fc3051e55c8b1b755d22e78fbbfa2dd67c96e8e9dc54d0dab8
                • Opcode Fuzzy Hash: b623d79182e3de9986508132b18e65e81cbfc82a74d7b39d7360c053f1bdea5e
                • Instruction Fuzzy Hash: 23518931A00705EFCB64CF69C98296AB7F0FF48315B504A2EE98397A52CB34F845CB48
                APIs
                • __EH_prolog3.LIBCMT ref: 0045652B
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                • VariantClear.OLEAUT32(?), ref: 004566CC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: ClearException@8H_prolog3ThrowVariant
                • String ID: @
                • API String ID: 2674903915-2766056989
                • Opcode ID: 54353b096e3e81b6897afa33805607d57a464af13f9c33717521de20a31c1017
                • Instruction ID: 7e5588687eff3c157bbfd2175b766d9f5613418bdd3d906e089b361c3f8c9f31
                • Opcode Fuzzy Hash: 54353b096e3e81b6897afa33805607d57a464af13f9c33717521de20a31c1017
                • Instruction Fuzzy Hash: 3B510870A002199FDB14DFA4C888AEEB7F9FF48305F14456EE816EB251E778A945CF50
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 004517C0
                  • Part of subcall function 004513CB: __EH_prolog3_GS.LIBCMT ref: 004513D5
                  • Part of subcall function 004513CB: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,00000158,00451674,?,00000000,?,00000000,00000104,00000000), ref: 00451413
                • CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000,?,00000000,00000104,00000000), ref: 0045177E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: AllocatorCreateDebugFileFullH_prolog3_HeapNamePath
                • String ID: 'B"4
                • API String ID: 3792280456-3921257376
                • Opcode ID: 3bd16ac51bb401fb91b8d943d3a3e4ef23372bd2f5de090eb6bdcd28c54955a5
                • Instruction ID: 1cd42ee694eba5dd093c733b8c976542f49b9e1a0577b2f2d2f9ccf14f1b3eed
                • Opcode Fuzzy Hash: 3bd16ac51bb401fb91b8d943d3a3e4ef23372bd2f5de090eb6bdcd28c54955a5
                • Instruction Fuzzy Hash: C0510F31A002095BEB258F19CD85BDAB7A5EB48309F1446ABE915D22F1DBBC8DC5CF04
                APIs
                • __recalloc.LIBCMT ref: 004265C4
                  • Part of subcall function 00464E0B: __lock.LIBCMT ref: 00464E29
                  • Part of subcall function 00464E0B: ___sbh_find_block.LIBCMT ref: 00464E34
                  • Part of subcall function 00464E0B: ___sbh_free_block.LIBCMT ref: 00464E43
                  • Part of subcall function 00464E0B: HeapFree.KERNEL32(00000000,00000078,00498D20,0000000C,0046F83E,00000000,004990B8,0000000C,0046F878,00000078,0040101D,?,004703D5,00000004,004990D8,0000000C), ref: 00464E73
                  • Part of subcall function 00464E0B: GetLastError.KERNEL32(?,004703D5,00000004,004990D8,0000000C,0046F5DB,00000078,0040102C,00000000,00000000,00000000,?,0046A34E,00000001,00000214), ref: 00464E84
                • _calloc.LIBCMT ref: 0042660F
                  • Part of subcall function 00464E99: __calloc_impl.LIBCMT ref: 00464EAE
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block__calloc_impl__lock__recalloc_calloc
                • String ID: cB
                • API String ID: 674092130-842239044
                • Opcode ID: fdc893c4fe9916f191d710ceadffad3702466396429ada064d55609f852a9d5f
                • Instruction ID: b54b806e8017cec27ec597acaa883880555c6dd242d70acf652c050d8dc79a6b
                • Opcode Fuzzy Hash: fdc893c4fe9916f191d710ceadffad3702466396429ada064d55609f852a9d5f
                • Instruction Fuzzy Hash: 31318E75A00219EFCF00DF60E985BAE3761BF44314F60C56AE8056B384E779DE90CB99
                APIs
                • _strcat.LIBCMT ref: 00439C80
                  • Part of subcall function 00439F00: __mbsupr.LIBCMT ref: 00439F07
                • _memset.LIBCMT ref: 00439C9F
                  • Part of subcall function 00439EE0: __fassign.LIBCMT ref: 00439EEF
                Strings
                • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 00439C56
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: __fassign__mbsupr_memset_strcat
                • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
                • API String ID: 4103193120-442858466
                • Opcode ID: 5fc468421cdfd6d74f9514750a094e5490da93e82dfe23b1f098b5f1ebeb4402
                • Instruction ID: 51fadd62a938b1dbecc0f6d3da9c5fa116595207cd72470e50b190cab5f92707
                • Opcode Fuzzy Hash: 5fc468421cdfd6d74f9514750a094e5490da93e82dfe23b1f098b5f1ebeb4402
                • Instruction Fuzzy Hash: 553164B2D01208ABCB14EF95E885BDDBBB5EF58304F1041AAF505A7241D7795F44CF94
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: __calloc_crt
                • String ID: I
                • API String ID: 3494438863-429267355
                • Opcode ID: 542d949fec11aed5cf1462275f539513471cf61bb9d3bd6c0fc76ce48e6aff3a
                • Instruction ID: 090357206bce2ee322a6d77772aa8c9fdd1ccab2f9de988f8f14ffc65dfc3b47
                • Opcode Fuzzy Hash: 542d949fec11aed5cf1462275f539513471cf61bb9d3bd6c0fc76ce48e6aff3a
                • Instruction Fuzzy Hash: 9311E77174411157E7188E2E7C41AA62A91A786374B24853FF71ACB3A1EB7CDC82568C
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: __mbstowcs_l
                • String ID: c.@+@$c.@+@
                • API String ID: 106630405-802518711
                • Opcode ID: f71f842fcf62fc6a8cac5c7152efe45146cd82c7a53cc2a52acf778ed658a9ef
                • Instruction ID: aa2a7b689881aa077dbb8f6972549fad4c38e905c6447a22b9d3d5ead42fbf12
                • Opcode Fuzzy Hash: f71f842fcf62fc6a8cac5c7152efe45146cd82c7a53cc2a52acf778ed658a9ef
                • Instruction Fuzzy Hash: D521E774E001099FCB04EF99C9919AEBBB6FF88304F1081ADE915A7395DB34AE41CF94
                APIs
                • GetDefaultCommConfigA.KERNEL32(00000000,?,00000034), ref: 00426CB7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CommConfigDefault
                • String ID: 4$COM%d
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 0043EBFB
                  • Part of subcall function 0043F020: RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,000F003F,'B"4,0043EC0B,?), ref: 0043F050
                  • Part of subcall function 0043F020: RegCloseKey.ADVAPI32('B"4), ref: 0043F05D
                • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0043EC3F
                Strings
                Similarity
                • API ID: AllocatorCloseDebugDeleteHeapOpen
                • String ID: 'B"4
                APIs
                • _memset.LIBCMT ref: 004611C7
                • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 004611F4
                  • Part of subcall function 004435E5: SendMessageA.USER32(?,00000401,00000000,00000000), ref: 0044360A
                  • Part of subcall function 004435E5: GetKeyState.USER32(00000001), ref: 0044361F
                Strings
                Similarity
                • API ID: MessageSend$State_memset
                • String ID: ,
                APIs
                • _memset.LIBCMT ref: 00437F8E
                • _DebugHeapAllocator.LIBCPMTD ref: 00437FB1
                  • Part of subcall function 00437E80: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 00437EFF
                  • Part of subcall function 00437E80: Sleep.KERNEL32(00000898), ref: 00437F0C
                Strings
                Similarity
                • API ID: Sleep$AllocatorDebugHeap_memset
                • String ID: $r
                APIs
                • __EH_prolog3.LIBCMT ref: 0044BD2B
                  • Part of subcall function 00441404: _malloc.LIBCMT ref: 00441422
                • GetModuleFileNameA.KERNEL32(?,00000000,00000104,00000010,0044BFD1,?,00000066), ref: 0044BD61
                  • Part of subcall function 0044AF01: __EH_prolog3.LIBCMT ref: 0044AF08
                  • Part of subcall function 0044AF01: lstrlenA.KERNEL32(?,?,?,00000048,0044BFE7,?,00000000,00000000,00000000,00000000,00000000,00000066), ref: 0044AF41
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?,?,00000000,00000000,00000008,00000000,?,00000003,?,00000008,?,00000008,?,?,00000048,0044BFE7), ref: 0044AFA0
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFAD
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFB3
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFB9
                  • Part of subcall function 0044AF01: VariantClear.OLEAUT32(?), ref: 0044AFBF
                  • Part of subcall function 0044AF01: SysFreeString.OLEAUT32(?), ref: 0044AFC4
                Strings
                Similarity
                • API ID: ClearVariant$H_prolog3$FileFreeModuleNameString_malloclstrlen
                • String ID: res://%s/%s
                APIs
                • GetWindowLongA.USER32(00000000,000000F0), ref: 00451A2A
                • GetClassNameA.USER32(00000000,?,0000000A), ref: 00451A3F
                Strings
                Similarity
                • API ID: ClassLongNameWindow
                • String ID: combobox
                APIs
                • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,000F003F,'B"4,0043EC0B,?), ref: 0043F050
                • RegCloseKey.ADVAPI32('B"4), ref: 0043F05D
                Strings
                Similarity
                • API ID: CloseOpen
                • String ID: 'B"4
                APIs
                • _DebugHeapAllocator.LIBCPMTD ref: 0043327F
                  • Part of subcall function 004029F0: _DebugHeapAllocator.LIBCPMTD ref: 004029FE
                • _DebugHeapAllocator.LIBCPMTD ref: 0043328E
                  • Part of subcall function 00430440: Sleep.KERNEL32(00000032,?,00000001,00000000), ref: 004304BF
                Strings
                Similarity
                • API ID: AllocatorDebugHeap$Sleep
                • String ID: totres
                APIs
                  • Part of subcall function 0046372E: __getptd.LIBCMT ref: 00463734
                  • Part of subcall function 0046372E: __getptd.LIBCMT ref: 00463744
                • __getptd.LIBCMT ref: 00469874
                  • Part of subcall function 0046A39C: __getptd_noexit.LIBCMT ref: 0046A39F
                  • Part of subcall function 0046A39C: __amsg_exit.LIBCMT ref: 0046A3AC
                • __getptd.LIBCMT ref: 00469882
                Strings
                Similarity
                • API ID: __getptd$__amsg_exit__getptd_noexit
                • String ID: csm
                APIs
                Strings
                Similarity
                • API ID: __mbstowcs_l
                • String ID: 'B"4$'B"4
                APIs
                • std::bad_exception::bad_exception.LIBCMTD ref: 0043CEE0
                  • Part of subcall function 0043CF20: std::runtime_error::runtime_error.LIBCPMTD ref: 0043CF2E
                • __CxxThrowException@8.LIBCMT ref: 0043CEEE
                  • Part of subcall function 004652A1: KiUserExceptionDispatcher.NTDLL(000000AC,00000000,00401046,00000000,000000AC,00000000,00000000,?,00401046,00000000), ref: 004652E3
                Strings
                Similarity
                • API ID: DispatcherExceptionException@8ThrowUserstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                • String ID: vector<T> too long
                APIs
                • LoadIconA.USER32(?,6wD), ref: 00447604
                • LoadIconA.USER32(00000000,00007F00), ref: 00447613
                Strings
                Similarity
                • API ID: IconLoad
                • String ID: 6wD
                APIs
                Strings
                Similarity
                • API ID: Version_memset
                • String ID: p D
                APIs
                • __EH_prolog3.LIBCMT ref: 00461242
                • GetProcAddress.KERNEL32(00000000,?), ref: 0046127B
                Strings
                Similarity
                • API ID: AddressH_prolog3Proc
                • String ID: UxTheme.dll
                APIs
                Strings
                Similarity
                • API ID: _sprintf
                • String ID: %08X$'B"4
                APIs
                • __CxxThrowException@8.LIBCMT ref: 00450285
                  • Part of subcall function 004652A1: KiUserExceptionDispatcher.NTDLL(000000AC,00000000,00401046,00000000,000000AC,00000000,00000000,?,00401046,00000000), ref: 004652E3
                Strings
                Similarity
                • API ID: DispatcherExceptionException@8ThrowUser
                • String ID: 8J$8J
                APIs
                  • Part of subcall function 00464E0B: __lock.LIBCMT ref: 00464E29
                  • Part of subcall function 00464E0B: ___sbh_find_block.LIBCMT ref: 00464E34
                  • Part of subcall function 00464E0B: ___sbh_free_block.LIBCMT ref: 00464E43
                  • Part of subcall function 00464E0B: HeapFree.KERNEL32(00000000,00000078,00498D20,0000000C,0046F83E,00000000,004990B8,0000000C,0046F878,00000078,0040101D,?,004703D5,00000004,004990D8,0000000C), ref: 00464E73
                  • Part of subcall function 00464E0B: GetLastError.KERNEL32(?,004703D5,00000004,004990D8,0000000C,0046F5DB,00000078,0040102C,00000000,00000000,00000000,?,0046A34E,00000001,00000214), ref: 00464E84
                • __strdup.LIBCMT ref: 0044F026
                • __strdup.LIBCMT ref: 0044F039
                  • Part of subcall function 0046883F: _strlen.LIBCMT ref: 00468855
                  • Part of subcall function 0046883F: _malloc.LIBCMT ref: 0046885E
                  • Part of subcall function 0046883F: _strcpy_s.LIBCMT ref: 00468870
                  • Part of subcall function 0046883F: __invoke_watson.LIBCMT ref: 00468881
                Strings
                Similarity
                • API ID: __strdup$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__invoke_watson__lock_malloc_strcpy_s_strlen
                • String ID: \A
                APIs
                • ShellExecuteA.SHELL32(00000000,open,http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspx,00000000,00000000,00000001), ref: 00421399
                Strings
                • open, xrefs: 00421392
                • http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspx, xrefs: 0042138D
                Similarity
                • API ID: ExecuteShell
                • String ID: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspx$open
                APIs
                • EnterCriticalSection.KERNEL32(?), ref: 004524BB
                • LeaveCriticalSection.KERNEL32(?), ref: 004524CB
                • LocalFree.KERNEL32(?), ref: 004524D4
                • TlsSetValue.KERNEL32(?,00000000), ref: 004524E6
                Similarity
                • API ID: CriticalSection$EnterFreeLeaveLocalValue
                • String ID:
                APIs
                • EnterCriticalSection.KERNEL32(004A0FB0,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452759
                • InitializeCriticalSection.KERNEL32(-004A0E18,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 0045276B
                • LeaveCriticalSection.KERNEL32(004A0FB0,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452778
                • EnterCriticalSection.KERNEL32(-004A0E18,?,?,?,?,00452046,00000010,00000008,0044A048,00449FEB,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452788
                  • Part of subcall function 004494A9: __CxxThrowException@8.LIBCMT ref: 004494BF
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                • String ID:
                • API String ID: 3253506028-0
                • Opcode ID: fdedf0caec7680a24d95c02f110847b2203b4bab78b684af6f6d057da1cc44f9
                • Instruction ID: f85a88f6fc06e61286c13a7f3729e5b28750a044ee52c0005bd061ce90345a3d
                • Opcode Fuzzy Hash: fdedf0caec7680a24d95c02f110847b2203b4bab78b684af6f6d057da1cc44f9
                • Instruction Fuzzy Hash: 66F0F6336012085FD7109B65DE4671BB75AEBB7317F50453BF44452152CBF898818AAD
                APIs
                • EnterCriticalSection.KERNEL32(004A0DF4,?,?,?,?,004525B6,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00451FCD
                • TlsGetValue.KERNEL32(004A0DD8,?,?,?,?,004525B6,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00451FE1
                • LeaveCriticalSection.KERNEL32(004A0DF4,?,?,?,?,004525B6,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00451FF7
                • LeaveCriticalSection.KERNEL32(004A0DF4,?,?,?,?,004525B6,?,00000004,0044A029,00442FB8,00447D61,'B"4,004434D1,'B"4,00441525), ref: 00452002
                Memory Dump Source
                • Source File: 00000000.00000002.2947311065.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.2947289715.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947400256.000000000049C000.00000004.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.2947419505.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_DataIndustrial.jbxd
                Similarity
                • API ID: CriticalSection$Leave$EnterValue
                • String ID:
                • API String ID: 3969253408-0
                • Opcode ID: 1f7ae50a44fd2d9ba0a484d914e20b1fc0df40e3bc04c26f3e26dfd7df23956b
                • Instruction ID: c9768af405c037e3c4b1434606fac6724e0e4c2ba640eb2a9f792f96b88e42e0
                • Opcode Fuzzy Hash: 1f7ae50a44fd2d9ba0a484d914e20b1fc0df40e3bc04c26f3e26dfd7df23956b
                • Instruction Fuzzy Hash: DEF0B4322011009FE7204F25DC88C17B7ADEA897663594567FE0A83212CA75F885CA54