Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe

Overview

General Information

Sample name:SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Analysis ID:1542661
MD5:dd700295c9b6ed7ad2962242a699915a
SHA1:3120ce49211546057dbe9a5af85a29bc34960df6
SHA256:58ffd6f76e096265ee9600b91fc453493cdda4545d8df939761b24f941947528
Tags:exe

Detection

Score:42
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:63
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe (PID: 6636 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe" MD5: DD700295C9B6ED7AD2962242A699915A)
    • OperaGXSetup.exe (PID: 1284 cmdline: "C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0 MD5: 19A137A73201F9C451ACF5491070FAE1)
      • setup.exe (PID: 3260 cmdline: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe -silent --allusers=0 --server-tracking-blob=NDgxZTU0NzEzZjM5NTJlNzM3MzgwMjAyNDc1ZjEwMjFlMTQ2N2E4ZmI3MWNmNDJkYjA0YmQzZTA5MWEzODdhZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zODQ5JnV0bV9pZD1iYjVkMjdkNGRkZGY0ZmQ1OTU2NDQzODc0Y2QxYjUxMyZ1dG1fY29udGVudD0zODQ5X29wZ3g5MCIsInRpbWVzdGFtcCI6IjE3Mjk5MTMyODguOTIxNCIsInVzZXJhZ2VudCI6IkRyaXZlckh1Ykluc3RhbGxlci8zLjQuNSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9VU19QQjVfMzg0OSIsImNvbnRlbnQiOiIzODQ5X29wZ3g5MCIsImlkIjoiYmI1ZDI3ZDRkZGRmNGZkNTk1NjQ0Mzg3NGNkMWI1MTMiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIxMTg4ZDNmMi1lMzk2LTRhNzctOTRiOC1jZjBkMGFmMzAxMTMifQ== MD5: A910474AAD1EEA96921D359E1763D2FD)
        • setup.exe (PID: 3128 cmdline: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74 MD5: A910474AAD1EEA96921D359E1763D2FD)
        • setup.exe (PID: 6808 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version MD5: A910474AAD1EEA96921D359E1763D2FD)
        • setup.exe (PID: 796 cmdline: "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000 MD5: A910474AAD1EEA96921D359E1763D2FD)
          • setup.exe (PID: 792 cmdline: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74 MD5: A910474AAD1EEA96921D359E1763D2FD)
  • cleanup
No configs have been found
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Rule: JoeSecurity_GenericDownloader_1
Description: Yara detected Generic Downloader
Author: Joe Security

Source: 0.0.SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe.8e0000.0.unpack
Rule: JoeSecurity_GenericDownloader_1
Description: Yara detected Generic Downloader
Author: Joe Security
      No Sigma rule has matched
      No Suricata rule has matched

      AV Detection

      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, ReversingLabs: Detection: 39%
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, Virustotal: Detection: 35%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.0% probability

      Compliance

      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe, File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232814717.log
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe, File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232816125.log
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, Static PE information: certificate valid
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000002.4162875448.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000002.00000000.1819406096.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162590590.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000000.1822723889.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831197645.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000004.00000002.1834407152.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000002.4162695690.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000000.1835949486.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162699031.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000006.00000000.1839075688.00000000007C8000.00000002.00000001.01000000.00000008.sdmp
      Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdbIvcv Uv_CorExeMainmscoree.dll source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe, Code function: 1_2_00EA8D20 FindFirstFileW
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe, Code function: 1_2_00ECFF9C FindFirstFileExW,FindNextFileW,FindClose,FindClose

      Networking

      Source: Yara match, File source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, type: SAMPLE
      Source: Yara match, File source: 0.0.SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe.8e0000.0.unpack, type: UNPACKEDPE
      Source: Joe Sandbox View, IP Address: 82.145.216.20
      Source: Joe Sandbox View, IP Address: 82.145.217.121
      Source: Joe Sandbox View, IP Address: 188.130.153.32
      Source: Joe Sandbox View, IP Address: 104.18.24.17
      Source: setup.exe, 00000002.00000002.4164872783.000000000108A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848225453.000000000108A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/J
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4164872783.000000000108A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000002.00000003.1848610472.000000000108D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4164872783.000000000104E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848225453.000000000108A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4169524441.000000002B630000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr, opera_installer_20241025232814717.log.2.drString found in binary or memory: https://autoupdate.opera.com/me/
      Source: setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/me/9406d3c57aa7de97f93900760b88b1cc50a7d676ba9d29c865bf5befe72936eabdd7
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://crashpad.chromium.org/
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://crashpad.chromium.org/bug/new
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
      Source: setup.exe, 00000006.00000002.4165080209.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000006.00000002.4166670373.000000003C214000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4165036788.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://crashstats-collector-2.opera.com/
      Source: setup.exe, 00000003.00000002.4165394585.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.4166867459.000000004C614000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4165080209.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4166670373.000000003C214000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--annotation=channel=Stable--annotation=plat=Win32--annotat
      Source: setup.exe, 00000006.00000002.4165080209.0000000000F3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--annotatp
      Source: setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--database=C:
      Source: setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--initial-client-data=0x320
      Source: setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--initial-client-data=0x340
      Source: setup.exe, 00000003.00000002.4167512042.000000004C66C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167385847.000000003C264000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/32--url=https://crashstats-collector-2.opera.com/
      Source: setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/https://crashstats-collector-2.opera.com/
      Source: setup.exe, 00000006.00000002.4167385847.000000003C264000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/s
      Source: setup.exe, 00000002.00000003.1848225453.000000000105E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
      Source: setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/1x
      Source: setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/5y
      Source: setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/SysWOW64
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/d
      Source: setup.exe, 00000002.00000003.1848225453.000000000105E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848225453.000000000108A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryT
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryh
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryy
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/z
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/0
      Source: setup.exe, 00000002.00000002.4169469456.000000002B626000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1847911951.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
      Source: setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=10000
      Source: setup.exe, 00000002.00000002.4170267335.000000002B68C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1pera
      Source: setup.exe, 00000002.00000002.4170112555.000000002B678000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4171117599.000000002B718000.00000004.00001000.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.drString found in binary or memory: https://download.opera.com/download/get/?id=68353&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
      Source: setup.exe, 00000002.00000002.4170484350.000000002B6B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4170535966.000000002B6B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_cont
      Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/
      Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/114.0.5282.123/win/Opera_GX_114.0.5282.1
      Source: setup.exe, 00000002.00000002.4170484350.000000002B6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/114.0.5282.123/win/Opera_GX_114.0.5282.123_Autoupdat
      Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/p
      Source: setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/
      Source: Opera_installer_2410260328142573128.dll.3.drString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
      Source: setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.drString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=701b5ff5-b736-4d66-a0
      Source: setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/q
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://gamemaker.io
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://gamemaker.io)
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://gamemaker.io/en/education.
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://gamemaker.io/en/get.
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://help.instagram.com/581066165581870;
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://help.opera.com/latest/
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://legal.opera.com/eula/computers
      Source: setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://legal.opera.com/privacy
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://legal.opera.com/privacy.
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://legal.opera.com/terms
      Source: setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://legal.opera.com/terms.
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-2?utm_source=PWNgames&utm_medium=pa&utm_campai
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://opera.com/privacy
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://policies.google.com/terms;
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://redir.opera.com/uninstallsurvey/
      Source: setup.exe, 00000002.00000002.4170848105.000000002B6F4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4171117599.000000002B718000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opg
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://sourcecode.opera.com
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://telegram.org/tos/
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://twitter.com/en/tos;
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002E9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.az-partners.net
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: https://www.az-partners.net/s/3XgyP
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: https://www.az-partners.net/s/dPr71
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: https://www.az-partners.net/s/rXLVP
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: https://www.az-partners.net/s/rXLVPKO
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.az-partners.net/s/rXLVPcorlib
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.az-partners.net/s/rXLVPlBfq
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: https://www.globalsign.com/repository/0
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://www.opera.com
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://www.opera.com..
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://www.opera.com/gx/
      Source: Opera_installer_2410260328151326808.dll.4.drString found in binary or memory: https://www.opera.com/privacy
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.savinist.com
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.savinist.com/77PRQFB/KMZXBTT/
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.savinist.com/77PRQFB/KMZXBTT/?sub1=opgx90
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.savinist.com/77PRQFB/KMZXBTT/d
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.whatsapp.com/legal;
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCode function: String function: 00ED9103 appears 91 times
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCode function: String function: 00EC13D0 appears 58 times
      Source: setup.exe.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
      Source: setup.exe.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4164602573.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000000.1710715399.00000000008E2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameinstaller.exe4 vs SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeBinary or memory string: OriginalFilenameinstaller.exe4 vs SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: classification engineClassification label: mal42.troj.evad.winEXE@13/15@0/10
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 3_2_68B73A80 FormatMessageW,LocalFree,GetLastError,3_2_68B73A80
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Roaming\Opera Software
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeMutant created: NULL
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeFile created: C:\Users\user\AppData\Local\Temp\Setup
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: Title1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: BeginPrompt1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: Progress1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: yes1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: RunProgram1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: ExecuteFile1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: InstallPath1_2_00EBEE57
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCommand line argument: %%T1_2_00EBEE57
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeReversingLabs: Detection: 39%
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeVirustotal: Detection: 35%
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: I/installer;component/mainwindow.xaml
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeString found in binary or memory: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdbIvcv Uv_CorExeMainmscoree.dll
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeProcess created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe -silent --allusers=0 --server-tracking-blob=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
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeProcess created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe -silent --allusers=0 --server-tracking-blob=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
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: mscoree.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: apphelp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: dwrite.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: msvcp140_clr0400.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: d3d9.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: d3d10warp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: rasapi32.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: rasman.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: rtutils.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: mswsock.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: winhttp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: dhcpcsvc.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: winnsi.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: secur32.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: sspicli.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: schannel.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeSection loaded: gpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: acgenral.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: winmm.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: samcli.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: msacm32.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: dwmapi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: urlmon.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: mpr.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: winmmbase.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: iertutil.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: srvcli.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: msimg32.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: secur32.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: dbghelp.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: wininet.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: propsys.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: dbgcore.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: msasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: mswsock.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: winnsi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: schannel.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: mskeyprotect.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: ntasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: dpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: gpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: ncrypt.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeSection loaded: ncryptsslp.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: acgenral.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winmm.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: samcli.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: msacm32.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: dwmapi.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: urlmon.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: mpr.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winmmbase.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: iertutil.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: srvcli.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: msimg32.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: secur32.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: dbghelp.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: wininet.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: propsys.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: dbgcore.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: msasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: certificate valid
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000002.4162875448.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000002.00000000.1819406096.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162590590.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000000.1822723889.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831197645.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000004.00000002.1834407152.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000002.4162695690.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000000.1835949486.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162699031.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000006.00000000.1839075688.00000000007C8000.00000002.00000001.01000000.00000008.sdmp
      Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdbIvcv Uv_CorExeMainmscoree.dll source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
      Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: 0xEA7751BC [Thu Aug 26 19:10:52 2094 UTC]
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 2_2_69264D90 LoadLibraryW,GetProcAddress,CreateSemaphoreW,2_2_69264D90
      Source: OperaGXSetup.exe.0.drStatic PE information: real checksum: 0x32b459 should be: 0x330afd
      Source: Opera_installer_2410260328139673260.dll.2.drStatic PE information: section name: .rodata
      Source: Opera_installer_2410260328139673260.dll.2.drStatic PE information: section name: CPADinfo
      Source: Opera_installer_2410260328139673260.dll.2.drStatic PE information: section name: malloc_h
      Source: Opera_installer_2410260328142573128.dll.3.drStatic PE information: section name: .rodata
      Source: Opera_installer_2410260328142573128.dll.3.drStatic PE information: section name: CPADinfo
      Source: Opera_installer_2410260328142573128.dll.3.drStatic PE information: section name: malloc_h
      Source: Opera_installer_2410260328151326808.dll.4.drStatic PE information: section name: .rodata
      Source: Opera_installer_2410260328151326808.dll.4.drStatic PE information: section name: CPADinfo
      Source: Opera_installer_2410260328151326808.dll.4.drStatic PE information: section name: malloc_h
      Source: Opera_installer_241026032815625796.dll.5.drStatic PE information: section name: .rodata
      Source: Opera_installer_241026032815625796.dll.5.drStatic PE information: section name: CPADinfo
      Source: Opera_installer_241026032815625796.dll.5.drStatic PE information: section name: malloc_h
      Source: Opera_installer_241026032815935792.dll.6.drStatic PE information: section name: .rodata
      Source: Opera_installer_241026032815935792.dll.6.drStatic PE information: section name: CPADinfo
      Source: Opera_installer_241026032815935792.dll.6.drStatic PE information: section name: malloc_h
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeCode function: 0_2_00F32CB3 pushad ; iretd 0_2_00F32CC1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeCode function: 0_2_00F30DE5 pushfd ; iretd 0_2_00F30DE9
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCode function: 1_2_00ED90E0 push ecx; ret 1_2_00ED90F3
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCode function: 1_2_00ED96C8 push ecx; ret 1_2_00ED96DD
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 2_2_692F2E7B push ecx; ret 2_2_692F2E8E
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 3_2_68B12E7B push ecx; ret 3_2_68B12E8E
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 5_2_684D2E7B push ecx; ret 5_2_684D2E8E
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 6_2_67EB2E7B push ecx; ret 6_2_67EB2E8E
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeStatic PE information: section name: .text entropy: 7.075629122694568
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeFile created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328142573128.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328139673260.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_114.0.5282.123_Autoupdate_x64[1].exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815935792.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328151326808.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252328151\opera_packageJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815625796.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232814717.logJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232816125.logJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeMemory allocated: F10000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeMemory allocated: 2D70000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeMemory allocated: 2BB0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 2_2_6926B0D0 rdtsc 2_2_6926B0D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599891Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599780Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599672Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599531Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599422Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599312Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599203Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 599094Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598984Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598875Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598766Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598641Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598516Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598296Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598188Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 598063Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597922Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597813Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597688Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597556Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597438Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597313Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597203Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 597094Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596969Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596859Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596750Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596641Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596531Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596422Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596313Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596188Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 596078Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595969Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595844Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595734Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595625Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595516Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595297Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595188Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 595063Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 594953Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 594843Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 594734Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 594624Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 594514Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeThread delayed: delay time: 594406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeWindow / User API: threadDelayed 8276Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeWindow / User API: threadDelayed 1559Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328142573128.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328139673260.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_114.0.5282.123_Autoupdate_x64[1].exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815935792.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328151326808.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815625796.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252328151\opera_packageJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeAPI coverage: 7.9 %
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeAPI coverage: 7.4 %
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -29514790517935264s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -600000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599891s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4856Thread sleep time: -1844674407370954s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599780s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599672s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599531s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599422s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599312s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599203s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -599094s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598984s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598875s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598766s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598641s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598516s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598406s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598296s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598188s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -598063s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597922s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597813s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597688s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597556s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597438s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597313s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597203s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -597094s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -596969s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -596859s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -596750s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412Thread sleep time: -596641s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596531s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596422s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596313s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596188s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596078s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595969s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595844s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595734s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595625s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595516s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595406s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595297s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595188s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595063s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594953s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594843s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594734s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594624s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594514s >= -30000s
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594406s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File Volume queried: C:\Users\user\AppData\Local\Temp\7zS4052A199 FullSizeInformation
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EA8D20 FindFirstFileW,1_2_00EA8D20
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ECFF9C FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00ECFF9C
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EAA419 GetSystemInfo,1_2_00EAA419
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 600000
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599891
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599780
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599672
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599531
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599422
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599312
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599203
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599094
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598984
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598875
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598766
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598641
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598516
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598406
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598296
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598188
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598063
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597922
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597813
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597688
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597556
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597438
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597313
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597203
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597094
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596969
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596859
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596750
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596641
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596531
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596422
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596313
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596188
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596078
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595969
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595844
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595734
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595625
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595516
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595406
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595297
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595188
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595063
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594953
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594843
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594734
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594624
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594514
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594406
      Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWt
      Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4164872783.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4164602573.000000000101E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_6926B0D0 rdtsc 2_2_6926B0D0
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC67CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00EC67CB
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_69264D90 LoadLibraryW,GetProcAddress,CreateSemaphoreW,2_2_69264D90
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ED0FB7 GetProcessHeap,1_2_00ED0FB7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC67CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00EC67CB
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC0D2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00EC0D2C
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC162A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00EC162A
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC17B7 SetUnhandledExceptionFilter,1_2_00EC17B7
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_69305274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_69305274
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_692F2738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_692F2738
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 3_2_68B25274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_68B25274
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 3_2_68B12738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_68B12738
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 5_2_684E5274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_684E5274
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 5_2_684D2738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_684D2738
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 6_2_67EB2738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_67EB2738
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 6_2_67EC5274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_67EC5274
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Memory allocated: page read and write | page guard
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe c:\users\user\appdata\local\temp\7zs4052a199\setup.exe -silent --allusers=0 --server-tracking-blob=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
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe c:\users\user\appdata\local\temp\7zs4052a199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe "c:\users\user\appdata\local\temp\7zs4052a199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=fc05000000000000
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe c:\users\user\appdata\local\temp\7zs4052a199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74
      Source: setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: gCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
      Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
      Source: setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: hCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
      Source: setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: iCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
      Source: setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: 7hCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC144A cpuid 1_2_00EC144A
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoEx,FormatMessageA,1_2_00EC239E
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW,1_2_00ECCA14
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,1_2_00ECCF23
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW,1_2_00ED33C1
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW,1_2_00ED33C3
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW,1_2_00ED34A9
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW,1_2_00ED340E
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_00ED3534
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,1_2_00ED3787
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00ED38B0
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,1_2_00ED39B6
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00ED3A8C
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,2_2_69316910
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_693169B7
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,2_2_693129ED
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,2_2_693168C5
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_69316237
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,2_2_69316ABD
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_69316530
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,2_2_693124AC
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,2_2_69316488
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,2_2_69316783
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,2_2_693167F0
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,3_2_68B368C5
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_68B369B7
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,3_2_68B329ED
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,3_2_68B36910
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,3_2_68B36ABD
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_68B36237
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,3_2_68B324AC
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,3_2_68B36488
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_68B36530
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,3_2_68B36783
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,3_2_68B367F0
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,5_2_684F68C5
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,5_2_684F6910
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,5_2_684F29ED
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_684F69B7
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_684F6237
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,5_2_684F6ABD
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,5_2_684F6488
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,5_2_684F24AC
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_684F6530
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,5_2_684F67F0
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,5_2_684F6783
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,6_2_67ED67F0
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,6_2_67ED6783
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_67ED6530
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,6_2_67ED24AC
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,6_2_67ED6488
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,6_2_67ED6ABD
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_67ED6237
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,6_2_67ED29ED
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_67ED69B7
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,6_2_67ED6910
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW,6_2_67ED68C5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCode function: 1_2_00EC1821 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00EC1821
      Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exeCode function: 2_2_693092BA GetTimeZoneInformation,2_2_693092BA
      Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exeCode function: 1_2_00EA1C57 GetVersion,GetModuleHandleW,GetProcAddress,GetSystemDirectoryW,LoadLibraryExW,1_2_00EA1C57
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 11 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | 36 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
      Behavior Graph ID: 1542661; Sample: SecuriteInfo.com.Program.Un...; Startdate: 26/10/2024; Architecture: WINDOWS; Score: 42
      Signatures: Multi AV Scanner detection for submitted file; AI detected suspicious sample; Yara detected Generic Downloader
      Process tree:
      SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe (started)
        DNS/IP: 188.130.153.32 (ROSTPAY-ASRU, Russian Federation); 185.26.182.111 (NO-OPERANO, Norway); 188.114.96.3 (CLOUDFLARENETUS, European Union)
        Dropped: C:\Users\user\AppData\...\OperaGXSetup.exe, PE32
        OperaGXSetup.exe (started)
          Dropped: C:\Users\user\AppData\Local\...\setup.exe, PE32
          setup.exe (started)
            DNS/IP: 185.26.182.106 (NO-OPERANO, Norway); 185.26.182.123 (NO-OPERANO, Norway); 5 other IPs or domains
            Dropped: Opera_installer_2410260328139673260.dll, PE32; C:\Users\user\AppData\Local\...\setup.exe, PE32; C:\Users\user\AppData\Local\...\opera_package, PE32; Opera_GX_114.0.528...toupdate_x64[1].exe, PE32
            setup.exe (started)
              Dropped: C:\...\Opera_installer_241026032815625796.dll, PE32
              setup.exe (started)
                Dropped: C:\...\Opera_installer_241026032815935792.dll, PE32
            setup.exe (started)
              Dropped: Opera_installer_2410260328142573128.dll, PE32
            setup.exe (started)
              Dropped: Opera_installer_2410260328151326808.dll, PE32

      Source | Detection | Scanner | Label | Link
      SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe | 39% | ReversingLabs | Win32.Infostealer.Tinba |
      SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe | 36% | Virustotal | | Browse
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328139673260.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328142573128.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328151326808.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815625796.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815935792.dll | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
      https://crashstats-collector-2.opera.com/--initial-client-data=0x340 | 0% | Virustotal | | Browse
      https://desktop-netinstaller-sub.osp.opera.software/z | 0% | Virustotal | | Browse
      No contacted domains info
                                                                                    unknown
                                                                                    http://eu.net.opera.comSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://www.az-partners.net/s/rXLVPcorlibSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        http://defaultcontainer/MainWindow.xamldSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          http://foo/MainWindow.xamlSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://download5.operacdn.com/psetup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              http://net.geo.opera.comSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://gamemaker.io/en/get.OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                  unknown
                                                                                                  https://www.opera.com/gx/OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drfalse
                                                                                                    unknown
                                                                                                    https://gamemaker.ioOperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                      unknown
                                                                                                      https://www.az-partners.netSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002E9A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.az-partners.net/s/rXLVPKOSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exefalse
                                                                                                          unknown
                                                                                                          https://api.config.opr.gg/v0/config?utm_campaign=PWN_US_PB5_3849&utm_medium=pa&utm_source=PWNgames&psetup.exe, 00000002.00000002.4169524441.000000002B630000.00000004.00001000.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.drfalse
                                                                                                            unknown
                                                                                                            https://help.instagram.com/581066165581870;OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                              unknown
                                                                                                              https://www.savinist.com/77PRQFB/KMZXBTT/?sub1=opgx90SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=701b5ff5-b736-4d66-a0setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.drfalse
                                                                                                                  unknown
                                                                                                                  https://crashstats-collector-2.opera.com/ssetup.exe, 00000006.00000002.4167385847.000000003C264000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://api.config.opr.gg/v0/configOperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drfalse
                                                                                                                      unknown
                                                                                                                      https://www.az-partners.net/s/rXLVPSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exefalse
                                                                                                                        unknown
                                                                                                                        https://download.opera.com/download/get/?id=68353&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_Usetup.exe, 00000002.00000002.4170112555.000000002B678000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4171117599.000000002B718000.00000004.00001000.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.drfalse
                                                                                                                          unknown
                                                                                                                          https://www.opera.com/privacyOpera_installer_2410260328151326808.dll.4.drfalse
                                                                                                                            unknown
                                                                                                                            https://crashpad.chromium.org/bug/newOperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drfalse
                                                                                                                              unknown
                                                                                                                              http://www.savinist.comdSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=10000setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://crashstats-collector-2.opera.com/--annotation=channel=Stable--annotation=plat=Win32--annotatsetup.exe, 00000003.00000002.4165394585.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.4166867459.000000004C614000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4165080209.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4166670373.000000003C214000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1setup.exe, 00000002.00000002.4169469456.000000002B626000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1847911951.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://gamemaker.io/en/education.OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://legal.opera.com/terms.setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://defaultcontainer/MainWindow.xamlSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://telegram.org/tos/OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://features.opera-api2.com/setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://www.az-partners.net/s/3XgyPSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exefalse
                                                                                                                                                  unknown
                                                                                                                                                  https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_contsetup.exe, 00000002.00000002.4170484350.000000002B6B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4170535966.000000002B6B8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://foo/bar/mainwindow.bamldSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64setup.exe, 00000002.00000003.1848225453.000000000108A000.00000004.00000020.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://www.savinist.comSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://crashstats-collector-2.opera.com/--database=C:setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1perasetup.exe, 00000002.00000002.4170267335.000000002B68C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://net.geo.opera.com/opera_gx/stable/edition/std-2?utm_source=PWNgames&utm_medium=pa&utm_campaiSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://www.savinist.com/77PRQFB/KMZXBTT/SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://desktop-netinstaller-sub.osp.opera.software/v1/binaryTsetup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://net.geo.opera.comSecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://autoupdate.geo.opera.com/OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4164872783.000000000108A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000002.00000003.1848610472.000000000108D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848225453.000000000108A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.drfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://autoupdate.opera.com/me/9406d3c57aa7de97f93900760b88b1cc50a7d676ba9d29c865bf5befe72936eabdd7setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1542661
Start date and time: 2024-10-26 05:27:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Detection: MAL
Classification: mal42.troj.evad.winEXE@13/15@0/10
EGA Information:
• Successful, ratio: 71.4%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Execution Graph export aborted for target SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, PID 6636 because it is empty
• Execution Graph export aborted for target setup.exe, PID 6808 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
23:28:05 | API Interceptor | 12265286x Sleep call for process: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe modified
                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                  No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1451
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.395404934994687
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:YPiRyiRAS3RH4rRUtRCRMR6mR9R5DR3RoRY+RWEIiRGiRCR8xRIjRuAcBpDRJRl6:YqRyiRhRYRUtRCRMR6mR9R5DR3RoRJRm
                                                                                                                                                                                                                                                                                  MD5:E297CF33FDD2A49EB648484FEA3912A4
                                                                                                                                                                                                                                                                                  SHA1:BF313E34E9B33731EBA607CE8AE0762BA6BE8EE9
                                                                                                                                                                                                                                                                                  SHA-256:B9D5DB235003326AEAA41D3ACCBD9F7137A0CDDDC7A19CCA6729A937E3DBE796
                                                                                                                                                                                                                                                                                  SHA-512:B5F40F676E5372950D12CD68604CDA12864CD7A9DF593410C7BABFEA27AF1F0A8B5977F949448FE65C82DD229B474D962219E23326DD1A84217E248CC6344014
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Preview:{"features":{"01979299c8cd":{"state":"enabled"},"13e025f64bd6":{"state":"disabled"},"13eeaf851da7":{"state":"enabled"},"1ad69b007ce5":{"state":"enabled"},"1c4dddb65bac":{"state":"enabled"},"1d24dceb937a":{"state":"enabled"},"278deecb29a1":{"state":"enabled"},"2c1429a5a72e":{"state":"enabled"},"3389f6c15eb9":{"state":"enabled"},"40db6e644d2c":{"state":"disabled"},"50796754ffc7":{"state":"enabled"},"5448a57d6689":{"state":"disabled"},"54726ed4401e":{"state":"enabled"},"56d717ae3ad6":{"state":"enabled"},"5a28d66c82cd":{"state":"enabled"},"603cade21cf7":{"state":"enabled"},"654296fe9d6c":{"state":"enabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"8511df77ed15":{"state":"enabled"},"88edd7903398":{"state":"enabled"},"970fe421a344":{"state":"enabled"},"9ec4e68ae70a":{"state":"disabled"},"b2a2a32b832b":{"state":"enabled"},"b7751444d14a":{"state":"enabled"},"b9677b
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):137337348
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999978964335061
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:3145728:r6u5O5/wkU/f6XU5kD8nbfvH9XNNRLENHW66p8p:I5/U/yXFDuzduhv6p8p
                                                                                                                                                                                                                                                                                  MD5:0CE2684434D35F00B4573D4FE617CAA3
                                                                                                                                                                                                                                                                                  SHA1:75F4C579247DB37EAD5F714C739936632C9D50CB
                                                                                                                                                                                                                                                                                  SHA-256:2D7B815D995FEEA965E11E0A3BC0A82D6BC12751B954247FCF521891E148F261
                                                                                                                                                                                                                                                                                  SHA-512:4BF5F95AF36045B927C8687B4390E1F84DDFDA4E2708CE6DFA244B1934868EA708E40BDCBF0DC54372EB01D1B305224AE2EADBF55C703ED08AB3205A14E3B210
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(2S&lS=ulS=ulS=u'+>t`S=u'+8t.S=u..8tAS=u..9t.S=u..>tyS=u'+9tyS=u'+<teS=ulS<u.S=u..5t:S=u...umS=ulS.umS=u..?tmS=uRichlS=u........PE..L...4.if...............'..........................@..................................&....@..................................R..d........................).......&......................................@............................................text............................... ..`.rdata..............................@..@.data....A...`.......J..............@....rsrc................`..............@..@.reloc...&.......(...l..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6820248
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.170583543939228
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:98304:i+hx5c6666666666666666666666666666666x666666666666666fwwwwwwwww5:bSJmoDdtFFsg5uwx1jh6UoBs2CRDw8w
                                                                                                                                                                                                                                                                                  MD5:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  SHA1:8F663C05861CE93A1418607BD208C21DC7263237
                                                                                                                                                                                                                                                                                  SHA-256:5354A7FA4EF330546D79E1EA02C456084400D0B47D52AAA43B088340981F461E
                                                                                                                                                                                                                                                                                  SHA-512:8654F3C5EB98DD4097ED5367771F2F3487A4C90F95754CA39B8900AB52C2C78AB6F90DA339C1CCE06364CA242D49901A7EBBAC92CF14955E3A267EA988C194E4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......b....c.....|.............@..........................@h.......h...@.................................p%..P.......(Xb...........g..)....h..6...".......................!......................P'...............................text....a.......b.................. ..`.rdata...............f..............@..@.data....5...P.......6..............@....tls.................T..............@....rsrc...(Xb......Zb..V..............@..@.reloc...6....h..8....g.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1849)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6843
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.808348334877257
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:hrHGMPa1fWUnfKBQ1vSJoU6v8ujtS1eAAMF3fhglVIWFsUXvdk5hyxT9+1EkH4X4:hrla1fWUnfKBuvSJoHv8ujtSEAHp4IWw
                                                                                                                                                                                                                                                                                  MD5:28F4680B540EB0B22A34D5982E226CDA
                                                                                                                                                                                                                                                                                  SHA1:66E755B05D2DB2C9D2BBF6E4C860CE5770223E48
                                                                                                                                                                                                                                                                                  SHA-256:D1EB92348B1AA038CC2B940F98DA4384A3F894DAB557936E691B323D95A368AB
                                                                                                                                                                                                                                                                                  SHA-512:73EF3D4330F7A55489B4E9AAF53BB527AC9E4C6FB48D37142AA4BBA431FEFDA5276C5F8F317767EB56D452C5038EA5CDBF47C6F0E4088CBF2576E48FA82F3314
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Reputation:low
Preview:
[1025/232814.733:INFO:installer_main.cc(475)] Opera GX installer starting - version 114.0.5282.123 Stable.
[1025/232814.733:INFO:installer_main.cc(478)] Command line: "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" -silent --allusers=0 --server-tracking-blob=
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1814)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3249
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.750141993046832
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:hahqMF3JJpgbwXCYUbYKugWld5051a3liRUaM6iHP:hyqMF3fhKugWld5051aViRUaMTHP
                                                                                                                                                                                                                                                                                  MD5:6EBE22F16F2880EF8EDF5B5E515216FB
                                                                                                                                                                                                                                                                                  SHA1:40F6BFD83BA1EFEBE40CD0B28470A4AD59BFE4C2
                                                                                                                                                                                                                                                                                  SHA-256:DD0C82F21E6392325CA4AA50D8523D17B4D32CA95DF5E19F8650A4BA9A78544B
                                                                                                                                                                                                                                                                                  SHA-512:27895C9163B9901BA91816433534DF1C506DB58C4E7E98EE82C9B85A93ABCFDFABB6B1779759E51D471C4042A8C858A93AE54ACEF1C14E7E08C3998ECA3353B1
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Reputation:low
Preview:
[1025/232816.125:INFO:installer_main.cc(475)] Opera GX installer starting - version 114.0.5282.123 Stable.
[1025/232816.125:INFO:installer_main.cc(478)] Command line: "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=NDVlNzNlOGRkOGUxODFlNzY4MWE0NWMyMjc2MmI4MmFiMDFiMjYzMzQ0NWNjM2E1Y2UyMTg
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6820248
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.170583543939228
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:98304:i+hx5c6666666666666666666666666666666x666666666666666fwwwwwwwww5:bSJmoDdtFFsg5uwx1jh6UoBs2CRDw8w
                                                                                                                                                                                                                                                                                  MD5:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  SHA1:8F663C05861CE93A1418607BD208C21DC7263237
                                                                                                                                                                                                                                                                                  SHA-256:5354A7FA4EF330546D79E1EA02C456084400D0B47D52AAA43B088340981F461E
                                                                                                                                                                                                                                                                                  SHA-512:8654F3C5EB98DD4097ED5367771F2F3487A4C90F95754CA39B8900AB52C2C78AB6F90DA339C1CCE06364CA242D49901A7EBBAC92CF14955E3A267EA988C194E4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......b....c.....|.............@..........................@h.......h...@.................................p%..P.......(Xb...........g..)....h..6...".......................!......................P'...............................text....a.......b.................. ..`.rdata...............f..............@..@.data....5...P.......6..............@....tls.................T..............@....rsrc...(Xb......Zb..V..............@..@.reloc...6....h..8....g.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6287256
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.186042672427458
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:98304:S6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwU:JSJmoDdtFFsg5uwx1jh6UoBs2CRDw82
                                                                                                                                                                                                                                                                                  MD5:94A99783BF5A9AEB8A0C8ADCBB144AC8
                                                                                                                                                                                                                                                                                  SHA1:F5682606D1A3774A44D58A42391533899578897B
                                                                                                                                                                                                                                                                                  SHA-256:5D8ACD8032A3F3147B50E88DD1141312F9232F46EE0CB9487EFAE3C23545A0E9
                                                                                                                                                                                                                                                                                  SHA-512:F545D11B103B79A00F8118000A447B26F76520F9AE4C4E78542237EB11B931B98900F62065AE3FBFF747A79D6954D15A7CCB123B2ADCFC81DF71C17A6CF840A2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."!......6...)......1(.......................................a.......`...@A........................:.>.m.....>...... A.8............._..)....`....|o>......................n>.....8.6..............>.8...H.>.`....................text.....6.......6................. ..`.rdata...X....6..Z....6.............@..@.data...@.... ?..@....?.............@....rodata.......@......F?............. ..`.tls....].....@......H?.............@...CPADinfo0.....A......J?.............@...malloc_h......A......L?............. ..`.rsrc...8.... A......N?.............@..@.reloc.......`......,^.............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6287256
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.186042672427458
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:98304:S6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwU:JSJmoDdtFFsg5uwx1jh6UoBs2CRDw82
                                                                                                                                                                                                                                                                                  MD5:94A99783BF5A9AEB8A0C8ADCBB144AC8
                                                                                                                                                                                                                                                                                  SHA1:F5682606D1A3774A44D58A42391533899578897B
                                                                                                                                                                                                                                                                                  SHA-256:5D8ACD8032A3F3147B50E88DD1141312F9232F46EE0CB9487EFAE3C23545A0E9
                                                                                                                                                                                                                                                                                  SHA-512:F545D11B103B79A00F8118000A447B26F76520F9AE4C4E78542237EB11B931B98900F62065AE3FBFF747A79D6954D15A7CCB123B2ADCFC81DF71C17A6CF840A2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."!......6...)......1(.......................................a.......`...@A........................:.>.m.....>...... A.8............._..)....`....|o>......................n>.....8.6..............>.8...H.>.`....................text.....6.......6................. ..`.rdata...X....6..Z....6.............@..@.data...@.... ?..@....?.............@....rodata.......@......F?............. ..`.tls....].....@......H?.............@...CPADinfo0.....A......J?.............@...malloc_h......A......L?............. ..`.rsrc...8.... A......N?.............@..@.reloc.......`......,^.............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6287256
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.186042672427458
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:98304:S6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwU:JSJmoDdtFFsg5uwx1jh6UoBs2CRDw82
                                                                                                                                                                                                                                                                                  MD5:94A99783BF5A9AEB8A0C8ADCBB144AC8
                                                                                                                                                                                                                                                                                  SHA1:F5682606D1A3774A44D58A42391533899578897B
                                                                                                                                                                                                                                                                                  SHA-256:5D8ACD8032A3F3147B50E88DD1141312F9232F46EE0CB9487EFAE3C23545A0E9
                                                                                                                                                                                                                                                                                  SHA-512:F545D11B103B79A00F8118000A447B26F76520F9AE4C4E78542237EB11B931B98900F62065AE3FBFF747A79D6954D15A7CCB123B2ADCFC81DF71C17A6CF840A2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."!......6...)......1(.......................................a.......`...@A........................:.>.m.....>...... A.8............._..)....`....|o>......................n>.....8.6..............>.8...H.>.`....................text.....6.......6................. ..`.rdata...X....6..Z....6.............@..@.data...@.... ?..@....?.............@....rodata.......@......F?............. ..`.tls....].....@......H?.............@...CPADinfo0.....A......J?.............@...malloc_h......A......L?............. ..`.rsrc...8.... A......N?.............@..@.reloc.......`......,^.............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3313768
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9612567439660955
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:49152:gVAbwPZo8iIk9k6qkbnzlpp+E6k5ucpKx9OA/cIq6XdEHi8kmtxvDTZvjFhBvi:MA4diGkbnfMEZEcpwHq6NMiaDNbo
                                                                                                                                                                                                                                                                                  MD5:19A137A73201F9C451ACF5491070FAE1
                                                                                                                                                                                                                                                                                  SHA1:D8CBBF7A4CAB803C0576F83A2ECE25CEBA6566A2
                                                                                                                                                                                                                                                                                  SHA-256:8A7A5C2FEFA12D5CFCFC01EEF47FD9AF709131D6CF13E639F920753A73347356
                                                                                                                                                                                                                                                                                  SHA-512:EC70110DDD6EA48AFAE10441EFF5957443D263BAF27C15751510B0D055E1764F0BCA05E922838B2717368D8921F3E3880B963438426F8B180EEDF991E675DA1C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N....m...m...m..A....m..A....m...._m.....m.....m..A....m..A....m...m...m....\m....X..m...m0..m.....m..Rich.m..........PE..L....if...............'.....j....................@.................................Y.2...@.................................H...d.......T0...........c2..,...@...1...C...............................C..@...............0............................text............................... ..`.rdata..z...........................@..@.data....K..........................@....rsrc...T0.......2..................@..@.reloc...1...@...2..................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.39546184423832
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:FkWXlW7dap3n:9WwVn
                                                                                                                                                                                                                                                                                  MD5:E3A0F495DF79A0EDE0601D13A5197795
                                                                                                                                                                                                                                                                                  SHA1:EF6A0DF637E65E37C7DB291EC1E861B8A3E97C7C
                                                                                                                                                                                                                                                                                  SHA-256:97B4E9364BF3ADF526CCC43BBFD182C6C3CDF7B03CC91208667A89DA0474FBB9
                                                                                                                                                                                                                                                                                  SHA-512:23D1BF81F26E18E5094DD68C25EA4D4C7563CB673B44CC494113C19AE48A35C4039203009A56C6B9D322FB0D410CAB64775594B059CFDC8B49FD1201380CC097
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:sdPC......................kx..D......1.
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):32
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4772170014624826
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:alXtRBXFIvCOt:aldTXFcz
                                                                                                                                                                                                                                                                                  MD5:B8F4AE17649F67195291A85DE16B561D
                                                                                                                                                                                                                                                                                  SHA1:1800356941EAFADF247EA9932A02FFEC6C4E4B4C
                                                                                                                                                                                                                                                                                  SHA-256:0FD98AA12C34794DABD32375F4B14B207D4840359AB571D278D2ED490BDDE75A
                                                                                                                                                                                                                                                                                  SHA-512:F640756A1233CC9596AA273C2A4A0296D7F87788486956F8319C4521F27957201DCBA805A7D994B3EAA12249645D5A4B28134C91FE3A4062891612115A941DAC
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:........:Installer message:.....
                                                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.348160268009913
                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                  File name:SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
                                                                                                                                                                                                                                                                                  File size:47'048 bytes
                                                                                                                                                                                                                                                                                  MD5:dd700295c9b6ed7ad2962242a699915a
                                                                                                                                                                                                                                                                                  SHA1:3120ce49211546057dbe9a5af85a29bc34960df6
                                                                                                                                                                                                                                                                                  SHA256:58ffd6f76e096265ee9600b91fc453493cdda4545d8df939761b24f941947528
                                                                                                                                                                                                                                                                                  SHA512:d989d47c75e29f549d4510fb66a3a34add73e471afb37990ef27602103a3e6400812fb19efbe24345e5b851ff50c08af674f39f5a023d63a3ba5202e7e29a07e
                                                                                                                                                                                                                                                                                  SSDEEP:768:nvjqHbVpfXOgV8ofPK60zx2ET1RVfyCSUzfgx2ET1RVfyCSUzws20I2B8a2Ex:vuDfD8yiNxH1RAOfgxH1RAOwssmj
                                                                                                                                                                                                                                                                                  TLSH:7523D063CB94821AFE7B8F3BE9D5662122B7B3430944CE5E68C8504D4E64B112B43FE7
                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Qw..........."...0..X...4......vv... ........@.. ..............................eK....`................................
                                                                                                                                                                                                                                                                                  Icon Hash:08b2b271f0ccf841
                                                                                                                                                                                                                                                                                  Entrypoint:0x407676
                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                  Time Stamp:0xEA7751BC [Thu Aug 26 19:10:52 2094 UTC]
                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                                                                                                  Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                                  Error Number:0
Not Before:16/06/2023 07:32:39
Not After:21/07/2025 14:59:39
                                                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                                                  • E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET="Dolomanovsky lane, 70D apt.1(10th floor)", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                                                  Thumbprint MD5:18C73C44CD6953743C925E6518577B8A
                                                                                                                                                                                                                                                                                  Thumbprint SHA-1:C3C709B7E01318BA74D48BD64D05F48DECA5CD80
                                                                                                                                                                                                                                                                                  Thumbprint SHA-256:9C9861A03BDB211C22878641B1A614F4F39EB20B52E31E9354628CB618BB0E98
                                                                                                                                                                                                                                                                                  Serial:5E8B8578E42183FD1F84CF04
                                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                                                                                                                                                                  add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x7621           0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8000           0x3048        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x8e00           0x29c8
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xc000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x7584           0x38          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x567c | 0x5800 | 02fe605ec467edd90874e49bfbc2dbf3 | False | 0.7318448153409091 | data | 7.075629122694568 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x8000 | 0x3048 | 0x3200 | 813bcefb1fe276cdd975ba29eae60dae | False | 0.8590625 | data | 7.509051234180052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc000 | 0xc | 0x200 | 9cf5c9fd67a2e8b1f031e8ecff721bc8 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x8100 | 0x29f6 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9499162167194191
RT_GROUP_ICON | 0xab08 | 0x14 | data | | | 1.05
RT_VERSION | 0xab2c | 0x31c | data | | | 0.42462311557788945
RT_MANIFEST | 0xae58 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
                                                                                                                                                                                                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                  Start time:23:28:02
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe"
                                                                                                                                                                                                                                                                                  Imagebase:0x8e0000
                                                                                                                                                                                                                                                                                  File size:47'048 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:DD700295C9B6ED7AD2962242A699915A
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                  Start time:23:28:12
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0
                                                                                                                                                                                                                                                                                  Imagebase:0xea0000
                                                                                                                                                                                                                                                                                  File size:3'313'768 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:19A137A73201F9C451ACF5491070FAE1
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                  Start time:23:28:13
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe -silent --allusers=0 --server-tracking-blob=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
                                                                                                                                                                                                                                                                                  Imagebase:0x780000
                                                                                                                                                                                                                                                                                  File size:6'820'248 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                  Start time:23:28:14
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74
                                                                                                                                                                                                                                                                                  Imagebase:0x780000
                                                                                                                                                                                                                                                                                  File size:6'820'248 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                  Start time:23:28:15
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                                                                                                                                                                                                                                                  Imagebase:0x670000
                                                                                                                                                                                                                                                                                  File size:6'820'248 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                                                  Start time:23:28:15
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=NDVlNzNlOGRkOGUxODFlNzY4MWE0NWMyMjc2MmI4MmFiMDFiMjYzMzQ0NWNjM2E1Y2UyMTg2OTA1Y2UzNWNhNDp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zODQ5JnV0bV9pZD1iYjVkMjdkNGRkZGY0ZmQ1OTU2NDQzODc0Y2QxYjUxMyZ1dG1fY29udGVudD0zODQ5X29wZ3g5MCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyOTkxMzI4OC45MjE0IiwidXNlcmFnZW50IjoiRHJpdmVySHViSW5zdGFsbGVyLzMuNC41IiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX1VTX1BCNV8zODQ5IiwiY29udGVudCI6IjM4NDlfb3BneDkwIiwiaWQiOiJiYjVkMjdkNGRkZGY0ZmQ1OTU2NDQzODc0Y2QxYjUxMyIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjExODhkM2YyLWUzOTYtNGE3Ny05NGI4LWNmMGQwYWYzMDExMyJ9 --silent --desktopshortcut=1 --wait-for-package 
--initial-proc-handle=FC05000000000000
                                                                                                                                                                                                                                                                                  Imagebase:0x780000
                                                                                                                                                                                                                                                                                  File size:6'820'248 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                  Start time:23:28:15
                                                                                                                                                                                                                                                                                  Start date:25/10/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74
                                                                                                                                                                                                                                                                                  Imagebase:0x780000
                                                                                                                                                                                                                                                                                  File size:6'820'248 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:A910474AAD1EEA96921D359E1763D2FD
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: FHbQ
                                                                                                                                                                                                                                                                                    • API String ID: 0-2853530818
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78419E35B001048FDB08DB68D595B6E77F2EF88321F6440A9E402EB7A1CB75DE45DBA1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 8306e2d13fcf63a5978d6f3bb11dc47acc9b1e3837a3fd0c8fa278ecfed4cd5d
                                                                                                                                                                                                                                                                                    • Instruction ID: 408d143754e617adba6fbadefa2ae73c3a3db1730f956a9ed525656e5031ce99
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8306e2d13fcf63a5978d6f3bb11dc47acc9b1e3837a3fd0c8fa278ecfed4cd5d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72317FA7A4D7C01FE70706646CA97A83F618F6366AF0A01D7D981CF5D3D925090BC3A2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 93628171e87aa0c7b03077b947cd10ea9701cd8c8e4a526bd18dded5912cd359
                                                                                                                                                                                                                                                                                    • Instruction ID: e5cdd4749796df0a6531316c60d024bd1230cc29c286a4404cb05bcf553a6958
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93628171e87aa0c7b03077b947cd10ea9701cd8c8e4a526bd18dded5912cd359
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5231E5723043008FDB15EB68E880B6ABBA6EBC0364F14446EE5098F356CB76FC46D795
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 715c71ac429e2b04ff4ed7fb88c7208bc26b3f7558de73d42e3262119ee09806
                                                                                                                                                                                                                                                                                    • Instruction ID: 03e3a31dc54dd3970f42232c93f4e15e8c44baf6d86eced3e3cd24466619ca96
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 715c71ac429e2b04ff4ed7fb88c7208bc26b3f7558de73d42e3262119ee09806
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06311675A002488FDB05CF68C944ADDBBF2BF8D320F1981A5E445AB362D735AD41CF60
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: d665ae93439445e276e5aefcf5bdb7b78ca1c57e0e798fa64fcaa5bbba2d0277
                                                                                                                                                                                                                                                                                    • Instruction ID: 21dddeb4a51f9adbc43a2f550d840c0bd3b813ff696b9a2e5cf2c330d05a2ee1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d665ae93439445e276e5aefcf5bdb7b78ca1c57e0e798fa64fcaa5bbba2d0277
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB2138B1A48200DFCF15DF14EDC0B26BF66FB88318F64C559E9091B255C37AC816CBA1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163932620.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_ecd000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: a71853545a0ed34c3cdfbb5bf359769bb21e39424f6ad6741102350d94291ec3
                                                                                                                                                                                                                                                                                    • Instruction ID: 886a3c2c8243d266be509a34aa5ad021af3d5502a622b5533dc738847c940347
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a71853545a0ed34c3cdfbb5bf359769bb21e39424f6ad6741102350d94291ec3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0521C1755082009FCB14DF18DAC1F26BB66EB84318F24C56DD94A5B296C337D847CA61
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 2ac71657e562a00f60d0f9066676f05b578f6977f620db4fe2e9409f25875353
                                                                                                                                                                                                                                                                                    • Instruction ID: b4c3a07015e65912179c51c0b3d8b760fae4995391d2223916a4b52a69c002ab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ac71657e562a00f60d0f9066676f05b578f6977f620db4fe2e9409f25875353
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E82100712042408BDB05EB68D881BABBBA7AFC0320F08446DE9459F396CB76FC059791
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163932620.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_ecd000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 38344df8b6a200da256d4ffb70ccae5a009b5e433b45da23ad14f5d5e24c4fdc
                                                                                                                                                                                                                                                                                    • Instruction ID: c4d4f6f8fc73f8234159504042bbd9bd71a8ca032dabecb00a99987f17a31d73
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38344df8b6a200da256d4ffb70ccae5a009b5e433b45da23ad14f5d5e24c4fdc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D12171755093808FD712CF24D990B15BF72EB46214F28C5EAD8498B6A7C33B980BCB62
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: ad2dec59e3151889acede25dbdc09f1e0996748c90a37620c8196c664727292b
                                                                                                                                                                                                                                                                                    • Instruction ID: ead55e9240efaf372bbd6b2ee8805c2e472c382beb0069b51e1a431b7cb8403e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad2dec59e3151889acede25dbdc09f1e0996748c90a37620c8196c664727292b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F21DF76904280DFCB06CF10D9C4B16BF72FB88318F24C2A9D9485B256C33AD866CB91
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 95ff5e514a929930c5248780773e42ac8c9dc23d57645199eb1b42696be8ef29
                                                                                                                                                                                                                                                                                    • Instruction ID: 51577045a69a240382db43980347aab8194bec7ee043a9aaa11640d21328decb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95ff5e514a929930c5248780773e42ac8c9dc23d57645199eb1b42696be8ef29
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F012B71A4D3409AE7108E56DCC0776BFDCDF513A4F58E45AED096B283C6789C40D6B1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 2f5f60e80b6bc5f7caa7794b6aca3cd14360c9e300f5b3a619e5bad862bd8647
                                                                                                                                                                                                                                                                                    • Instruction ID: f7bbbf11c2ffc188a2e610b7b8b9f877ef2b49696dd6279312d90ad6dea47972
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f5f60e80b6bc5f7caa7794b6aca3cd14360c9e300f5b3a619e5bad862bd8647
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57011A72600A00AFC7219F46DD84C23FBBAFF88760355845DE94A4BA21C372F851DF60
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 5550a584cf5663a26f1e0b54f99c63a1612f7b68b8434ed8453b4fd65f0d2b65
                                                                                                                                                                                                                                                                                    • Instruction ID: 1e0e9845f9b040c094b49d9f53767d03b406bb3f4bbaff24723b5d8058e01f61
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5550a584cf5663a26f1e0b54f99c63a1612f7b68b8434ed8453b4fd65f0d2b65
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1010C75104640AFD7268F56CD84C62BFBAFF89760759948DE9864BA22C232F812DF60
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 43575bb7f45cad313d21d04e666ba7688153b0c157fe13ac6860340fba1de8de
                                                                                                                                                                                                                                                                                    • Instruction ID: 8af2f0cd86efd4ba03f719c15273405ac8b281821848293b6d2a3c284568a3d4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43575bb7f45cad313d21d04e666ba7688153b0c157fe13ac6860340fba1de8de
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBF0F672D101099BDB04D764C855AEFBFB69F88310F55883AD412BB340DE70690ADBD1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 4ff9078f66788c1bedeeef62ee0dae91338d3d78737374c7db1e596a633467b9
                                                                                                                                                                                                                                                                                    • Instruction ID: 9a4fb73a086885b07429780b364800f16675b67c6473860bf73a36fe0a7efebc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ff9078f66788c1bedeeef62ee0dae91338d3d78737374c7db1e596a633467b9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AF04976640600AFD320CF0ADC84C23FBADEFC5770319C19AE84A5B612C671EC02CEA0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: c3542ebfd0c6a1e7f196ae6190fc854952d3e7b19bf04ab0939c3f7b22420aa3
                                                                                                                                                                                                                                                                                    • Instruction ID: 10706d779c50bed669bb752ca09967fbc4339fd0f320284acbb6a73f9b7d08f0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3542ebfd0c6a1e7f196ae6190fc854952d3e7b19bf04ab0939c3f7b22420aa3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49F0C27250C3849EE7108A06DDC4B62FFDCEB50778F18D05AED085B282C2789C40CAB0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: d7a19d183bb535319ebc723c6cb7417bdc7904bf4ab68ce3ef41d6833b94f215
                                                                                                                                                                                                                                                                                    • Instruction ID: e177b744baf50c9588d165fdfdf6b8a1fa1b05101390a8a2e3a9a17051964a8e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7a19d183bb535319ebc723c6cb7417bdc7904bf4ab68ce3ef41d6833b94f215
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACF09A71A001158FCB80DBACCA46BAE77F4EF48320F2040B9D119E7354EB34B9009BC2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4163121062.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_e6d000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4164427664.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_f30000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                    Execution Coverage:11.6%
                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                    Signature Coverage:7.1%
                                                                                                                                                                                                                                                                                    Total number of Nodes:1761
                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:26
___scrt_is_nonwritable_in_current_image 31784->31785 31812 ec0fa4 31785->31812 31787 ec1257 31788 ec13aa 31787->31788 31796 ec1281 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 31787->31796 31967 ec162a 4 API calls 2 library calls 31788->31967 31790 ec13b1 31968 ec8697 21 API calls std::locale::_Setgloballocale 31790->31968 31792 ec13b7 31969 ec865b 21 API calls std::locale::_Setgloballocale 31792->31969 31794 ec13bf 31795 ec12a0 31796->31795 31803 ec1321 31796->31803 31963 ec8148 39 API calls 4 library calls 31796->31963 31823 ec173f 31803->31823 31804 ec133c 31964 ec1775 GetModuleHandleW 31804->31964 31806 ec1343 31806->31790 31807 ec1347 31806->31807 31808 ec1350 31807->31808 31965 ec864c 21 API calls std::locale::_Setgloballocale 31807->31965 31966 ec1115 75 API calls ___scrt_uninitialize_crt 31808->31966 31811 ec1358 31811->31795 31813 ec0fad 31812->31813 31970 ec144a IsProcessorFeaturePresent 31813->31970 31815 ec0fb9 31971 ec4edb 10 API calls 2 library calls 31815->31971 31817 ec0fbe 31822 ec0fc2 31817->31822 31972 ec8fec 31817->31972 31820 ec0fd9 31820->31787 31822->31787 31985 ec3660 31823->31985 31825 ec1752 GetStartupInfoW 31826 ec1327 31825->31826 31827 ec90ba 31826->31827 31986 ed0970 31827->31986 31829 ec90c3 31830 ec132f 31829->31830 31992 ed0c20 39 API calls 31829->31992 31832 ebee57 31830->31832 31995 ebdf9d GetVersionExW 31832->31995 31839 ea70e4 41 API calls 31840 ebeea5 31839->31840 31841 ea70e4 41 API calls 31840->31841 31842 ebeeb1 31841->31842 31843 ea70e4 41 API calls 31842->31843 31844 ebeebd GetCommandLineW 31843->31844 32011 ea7108 31844->32011 31846 ebeecd 32015 ea67ec 31846->32015 31848 ebeee2 31849 ea70e4 41 API calls 31848->31849 31850 ebeef7 31849->31850 32021 ea80d2 31850->32021 31852 ebef36 32029 ea6dd7 31852->32029 31854 ebef03 31854->31852 32160 ea71a5 31854->32160 31855 ebef4b 32032 ebe84b 31855->32032 31858 ebef67 31859 ea70e4 41 API calls 31858->31859 31880 ebee77 
31858->31880 31860 ebef8c 31859->31860 31861 ea70e4 41 API calls 31860->31861 31862 ebef95 31861->31862 32041 ea77ee 31862->32041 31864 ebefac 31864->31880 32050 ea7a12 31864->32050 31867 ea7a12 41 API calls 31868 ebefef 31867->31868 31869 ea7a12 41 API calls 31868->31869 31875 ebf001 31869->31875 31870 ebf055 31871 ea7a12 41 API calls 31870->31871 31872 ebf067 31871->31872 32057 ea7204 31872->32057 31874 ebf071 31877 ea7a12 41 API calls 31874->31877 31875->31870 31876 ebf041 MessageBoxW 31875->31876 31876->31870 31876->31880 31878 ebf08c 31877->31878 31879 ea7204 41 API calls 31878->31879 31881 ebf099 31879->31881 31880->31804 31882 ea7a12 41 API calls 31881->31882 31883 ebf0b4 31882->31883 31884 ea7204 41 API calls 31883->31884 31885 ebf0c1 31884->31885 31886 ea7a12 41 API calls 31885->31886 31887 ebf0dc 31886->31887 31888 ea7204 41 API calls 31887->31888 31889 ebf0e6 31888->31889 32061 ebeafd 31889->32061 31891 ebf0f8 31891->31880 32081 ebde90 31891->32081 31893 ebf1ae 32102 ec0cd9 31893->32102 31894 ebf167 31894->31893 32084 ea8a77 31894->32084 31897 ebf1b5 32118 eb6898 31897->32118 31898 ebf181 31899 ebf185 31898->31899 31900 ea7204 41 API calls 31898->31900 32173 ebdeaa 63 API calls 31899->32173 31900->31893 31903 ebf1d3 31904 ea70e4 41 API calls 31903->31904 31911 ebf1d7 31903->31911 31905 ebf1f6 31904->31905 32126 eb9f5b 31905->32126 31908 ebf217 31909 ebf2b2 31908->31909 31910 ebf221 31908->31910 32153 ebdef0 31909->32153 31910->31911 31915 ebf233 31910->31915 32164 eaa3de 43 API calls 31910->32164 32167 eab92d 31911->32167 31914 ebf2c7 32159 ea87b9 SetCurrentDirectoryW 31914->32159 31915->31911 31917 ebf26e 31915->31917 32165 ebde7b 43 API calls 31915->32165 32166 eaa2bf 43 API calls __EH_prolog3_GS 31917->32166 31920 ebdf1d 44 API calls 31920->31911 31921 ebf264 31923 ea7204 41 API calls 31921->31923 31922 ebf2d7 31924 ebf2fe 31922->31924 31928 ebf417 31922->31928 31959 ebf424 31922->31959 31923->31917 31927 ea717a 41 API calls 31924->31927 31925 ebf283 
31926 ebf296 MessageBoxW 31925->31926 31926->31911 31932 ebf30d 31927->31932 31929 ea7108 41 API calls 31928->31929 31928->31959 31930 ebf439 31929->31930 31931 ea758c 41 API calls 31930->31931 31933 ebf44c 31931->31933 31934 ebf36d 31932->31934 31936 ea739a 41 API calls 31932->31936 31935 ea717a 41 API calls 31933->31935 31941 ea717a 41 API calls 31934->31941 31937 ebf463 31935->31937 31938 ebf35c 31936->31938 31940 ebebdb 84 API calls 31937->31940 31939 ea73e4 41 API calls 31938->31939 31939->31934 31944 ebf478 31940->31944 31942 ebf383 31941->31942 31945 ebf390 31942->31945 31943 ebf49c 31951 ea717a 41 API calls 31943->31951 31944->31943 31946 ea7392 41 API calls 31944->31946 31947 ebf3aa ShellExecuteExW 31945->31947 31948 ebf48e 31946->31948 31949 ebf3fe 31947->31949 31953 ebf3d9 31947->31953 31950 ea73e4 41 API calls 31948->31950 31954 ebf54d 31949->31954 31950->31943 31952 ebf4e9 31951->31952 31955 ebf507 CreateProcessW 31952->31955 31953->31959 31958 ebf556 WaitForSingleObject GetExitCodeProcess CloseHandle 31954->31958 31954->31959 31956 ebf513 31955->31956 31957 ebf536 CloseHandle 31955->31957 31956->31959 31961 ebea71 45 API calls 31956->31961 31957->31949 31960 ebf580 31958->31960 31959->31920 31962 ebfeb6 Sleep QueryPerformanceCounter QueryPerformanceFrequency 31960->31962 31961->31959 31962->31959 31963->31803 31964->31806 31965->31808 31966->31811 31967->31790 31968->31792 31969->31794 31970->31815 31971->31817 31976 ed0fd2 31972->31976 31975 ec4efa 7 API calls 2 library calls 31975->31822 31977 ed0fe2 31976->31977 31978 ec0fcb 31976->31978 31977->31978 31980 ecd4bb 31977->31980 31978->31820 31978->31975 31984 ecd4c2 31980->31984 31981 ecd505 GetStdHandle 31981->31984 31982 ecd567 31982->31977 31983 ecd518 GetFileType 31983->31984 31984->31981 31984->31982 31984->31983 31985->31825 31987 ed0979 31986->31987 31988 ed09ab 31986->31988 31993 ecc7d7 39 API calls 3 library calls 31987->31993 31988->31829 31990 ed099c 31994 ed077b 49 API calls 4 library 
calls 31990->31994 31992->31829 31993->31990 31994->31988 31996 ebdfcb 31995->31996 32174 ec0b18 31996->32174 31998 ebdfe4 31998->31880 31999 ea1c57 GetVersion 31998->31999 32000 ea1ca0 GetSystemDirectoryW 31999->32000 32001 ea1c76 GetModuleHandleW GetProcAddress 31999->32001 32002 ea1cba 32000->32002 32007 ea1d39 32000->32007 32001->32000 32003 ea1c91 32001->32003 32006 ea1d08 LoadLibraryExW 32002->32006 32002->32007 32003->32000 32003->32007 32004 ec0b18 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 32005 ea1d46 32004->32005 32008 ea70e4 32005->32008 32006->32002 32006->32007 32007->32004 32182 ec0c5c 32008->32182 32010 ea70f1 32010->31839 32012 ea7117 32011->32012 32241 ea6ef5 32012->32241 32014 ea7121 32014->31846 32020 ea67ff 32015->32020 32016 ea6852 32016->31848 32017 ea6854 32019 ea71a5 41 API calls 32017->32019 32019->32016 32020->32016 32020->32017 32244 ea679a 32020->32244 32249 ea677c 32021->32249 32023 ea80ed GetModuleFileNameW 32024 ea8127 32023->32024 32025 ea8115 32023->32025 32027 ec0b18 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 32024->32027 32025->32024 32026 ea71a5 41 API calls 32025->32026 32026->32024 32028 ea8138 32027->32028 32028->31854 32030 ec0c5c 41 API calls 32029->32030 32031 ea6de4 32030->32031 32031->31855 32033 ebe866 __wsopen_s 32032->32033 32250 ea971d 32033->32250 32035 ec0b18 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 32037 ebea54 32035->32037 32037->31858 32038 ebea1e 32038->32035 32039 ebe8a5 std::_Locinfo::_Locinfo_ctor ctype 32039->32038 32253 ea977b 32039->32253 32257 ea6b81 41 API calls 32039->32257 32042 ea77fa __EH_prolog3 32041->32042 32044 ea7970 std::locale::locale 32042->32044 32046 ea7cf3 41 API calls 32042->32046 32047 ea6dd7 41 API calls 32042->32047 32048 ea6b81 41 API calls 32042->32048 32276 ea7994 41 API calls 2 library calls 32042->32276 32277 ea7726 41 API calls 2 library calls 32042->32277 32278 ea7a7f 41 API calls 32042->32278 
32044->31864 32046->32042 32047->32042 32048->32042 32051 ea7a2a 32050->32051 32052 ea7a2e 32051->32052 32053 ea7a37 Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock 32051->32053 32054 ea70e4 41 API calls 32052->32054 32279 ea717a 32053->32279 32056 ea7a35 32054->32056 32056->31867 32058 ea7212 32057->32058 32059 ea7238 32057->32059 32058->32059 32060 ec0c5c 41 API calls 32058->32060 32059->31874 32060->32059 32062 ebeb09 __EH_prolog3 32061->32062 32063 ea70e4 41 API calls 32062->32063 32080 ebeb14 std::locale::locale 32062->32080 32064 ebeb28 32063->32064 32282 ea87c7 32064->32282 32066 ebeb35 32067 ea7108 41 API calls 32066->32067 32068 ebeb4a 32067->32068 32298 ea758c 32068->32298 32070 ebeb5d 32302 ea813a 42 API calls 2 library calls 32070->32302 32072 ebeb70 32073 ea7204 41 API calls 32072->32073 32074 ebeb7d 32073->32074 32075 ea7108 41 API calls 32074->32075 32076 ebeb9d 32075->32076 32077 ea758c 41 API calls 32076->32077 32078 ebebb0 32077->32078 32303 ea8421 32078->32303 32080->31891 32082 ea70e4 41 API calls 32081->32082 32083 ebdea5 32082->32083 32083->31894 32085 ea8a83 __EH_prolog3 32084->32085 32328 ea8b1b 32085->32328 32087 ea8a8a 32088 ea70e4 41 API calls 32087->32088 32101 ea8afc std::locale::locale 32087->32101 32089 ea8aa4 32088->32089 32333 ea88de GetTempPathW 32089->32333 32093 ea8ac2 32094 ea6dd7 41 API calls 32093->32094 32095 ea8aca 32094->32095 32342 ea8946 32095->32342 32097 ea8ae2 32098 ea7204 41 API calls 32097->32098 32097->32101 32099 ea8af1 32098->32099 32376 ea82c4 32099->32376 32101->31898 32104 ec0cde 32102->32104 32103 ec6367 _Yarn 15 API calls 32103->32104 32104->32103 32105 ec0cf8 32104->32105 32106 ec81ae std::_Facet_Register 2 API calls 32104->32106 32107 ec0cfa 32104->32107 32105->31897 32106->32104 32108 eba1f7 std::_Facet_Register 32107->32108 32110 ec0d04 std::_Facet_Register 32107->32110 32109 ec4f11 std::_Xinvalid_argument RaiseException 32108->32109 32112 eba213 32109->32112 32111 ec4f11 
std::_Xinvalid_argument RaiseException 32110->32111 32114 ec1449 32111->32114 32113 eba22f std::bad_exception::bad_exception 40 API calls 32112->32113 32115 eba222 32113->32115 32115->31897 32116 ec0cd9 std::_Facet_Register 41 API calls 32115->32116 32117 eba250 32116->32117 32117->31897 32122 eb68a4 __EH_prolog3 32118->32122 32120 eb696d std::locale::locale 32120->31903 32121 ea70e4 41 API calls 32121->32122 32122->32120 32122->32121 32123 ea7320 41 API calls 32122->32123 32516 eb672d 41 API calls 32122->32516 32517 eb67bf 41 API calls 3 library calls 32122->32517 32518 eb69c5 41 API calls 32122->32518 32123->32122 32127 eb9f6a __EH_prolog3 32126->32127 32519 eba0bc 32127->32519 32129 eb9f7f 32130 ea7204 41 API calls 32129->32130 32131 eb9f95 32130->32131 32132 ea7204 41 API calls 32131->32132 32133 eb9fa3 32132->32133 32134 ec0cd9 std::_Facet_Register 41 API calls 32133->32134 32135 eb9fad 32134->32135 32529 eba13b 32135->32529 32137 eb9fbc 32138 eb9fdc 32137->32138 32139 eba062 32137->32139 32583 eb34f5 32138->32583 32543 eb9d32 32139->32543 32142 ea7204 41 API calls 32145 eba079 32142->32145 32144 ea70e4 41 API calls 32146 eba02d 32144->32146 32147 ea7204 41 API calls 32145->32147 32148 eba00f 32145->32148 32586 eb9c6e 45 API calls 32146->32586 32147->32148 32577 eba10c 32148->32577 32151 eba0b2 std::locale::locale 32151->31908 32152 eba04c 32152->32142 32154 ebdefc __EH_prolog3 32153->32154 32155 ea70e4 41 API calls 32154->32155 32156 ebdf06 32155->32156 32157 ea87c7 43 API calls 32156->32157 32158 ebdf15 std::locale::locale 32157->32158 32158->31914 32161 ea71b5 32160->32161 32162 ec0c5c 41 API calls 32161->32162 32163 ea71d7 32161->32163 32162->32163 32163->31852 32164->31915 32165->31921 32166->31925 32168 eab95b 32167->32168 32169 eab955 32167->32169 32168->31899 33678 eaa8b2 32169->33678 33682 eb36f0 32169->33682 33685 eb51f0 32169->33685 32173->31880 32175 ec0b20 32174->32175 32176 ec0b21 IsProcessorFeaturePresent 32174->32176 32175->31998 32178 ec0d69 
32176->32178 32181 ec0d2c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 32178->32181 32180 ec0e4c 32180->31998 32181->32180 32184 ec0cd9 32182->32184 32185 ec0cf8 32184->32185 32187 ec0cfa 32184->32187 32204 ec81ae 32184->32204 32207 ec6367 32184->32207 32185->32010 32188 eba1f7 std::_Facet_Register 32187->32188 32190 ec0d04 std::_Facet_Register 32187->32190 32198 ec4f11 32188->32198 32191 ec4f11 std::_Xinvalid_argument RaiseException 32190->32191 32194 ec1449 32191->32194 32192 eba213 32201 eba22f 32192->32201 32196 ec0cd9 std::_Facet_Register 41 API calls 32197 eba250 32196->32197 32197->32010 32199 ec4f58 RaiseException 32198->32199 32200 ec4f2b 32198->32200 32199->32192 32200->32199 32214 ebd83e 32201->32214 32229 ec81da 32204->32229 32212 ecc333 __dosmaperr 32207->32212 32208 ecc371 32240 ecb5b9 14 API calls __dosmaperr 32208->32240 32209 ecc35c RtlAllocateHeap 32211 ecc36f 32209->32211 32209->32212 32211->32184 32212->32208 32212->32209 32213 ec81ae std::_Facet_Register 2 API calls 32212->32213 32213->32212 32217 ec4e59 32214->32217 32218 ec4e66 32217->32218 32224 eba222 32217->32224 32219 ec6367 _Yarn 15 API calls 32218->32219 32218->32224 32220 ec4e83 32219->32220 32221 ec4e93 32220->32221 32225 ecbbaf 39 API calls 2 library calls 32220->32225 32226 ec634c 32221->32226 32224->32010 32224->32196 32225->32221 32227 ecc2f9 ___free_lconv_mon 14 API calls 32226->32227 32228 ec6364 32227->32228 32228->32224 32230 ec81e6 ___scrt_is_nonwritable_in_current_image 32229->32230 32235 ecaac4 EnterCriticalSection 32230->32235 32232 ec81f1 std::locale::_Setgloballocale 32236 ec8228 32232->32236 32235->32232 32239 ecab0c LeaveCriticalSection 32236->32239 32238 ec81b9 32238->32184 32239->32238 32240->32211 32242 ec0c5c 41 API calls 32241->32242 32243 ea6f19 32242->32243 32243->32014 32245 ea67a8 32244->32245 32246 ea67ad 32244->32246 32248 ea6f28 41 API calls std::_Xinvalid_argument 32245->32248 32246->32020 32248->32246 
32249->32023 32258 ea970a 32250->32258 32255 ea9796 32253->32255 32256 ea97c7 32255->32256 32274 ea972d ReadFile 32255->32274 32256->32039 32257->32039 32261 ea96af 32258->32261 32266 ea948b 32261->32266 32263 ea9702 32263->32039 32265 ea96ea SetFileTime 32265->32263 32271 ea94c0 32266->32271 32269 ea949a CreateFileW 32270 ea94bb 32269->32270 32270->32263 32270->32265 32272 ea94ea CloseHandle 32271->32272 32273 ea9496 32271->32273 32272->32273 32273->32269 32273->32270 32275 ea9750 Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock 32274->32275 32275->32255 32276->32042 32277->32042 32278->32042 32280 ea6ef5 41 API calls 32279->32280 32281 ea718c 32280->32281 32281->32056 32283 ea87d6 __EH_prolog3_GS 32282->32283 32284 ea87dd GetCurrentDirectoryW 32283->32284 32285 ea8804 32284->32285 32297 ea8820 32284->32297 32286 ea880c 32285->32286 32287 ea8824 32285->32287 32288 ea71a5 41 API calls 32286->32288 32289 ea70e4 41 API calls 32287->32289 32288->32297 32291 ea882f 32289->32291 32322 ea76d8 41 API calls 32291->32322 32292 ea8894 32292->32066 32294 ea883f GetCurrentDirectoryW 32295 ea8849 32294->32295 32294->32297 32296 ea7204 41 API calls 32295->32296 32295->32297 32296->32297 32319 ed90f4 32297->32319 32301 ea759c 32298->32301 32299 ea75ff 32299->32070 32301->32299 32323 ea7548 41 API calls 32301->32323 32302->32072 32304 ea842d __EH_prolog3 32303->32304 32324 ea8f5c GetFileAttributesW 32304->32324 32306 ea843d std::locale::locale 32306->32080 32307 ea8434 32307->32306 32308 ea7108 41 API calls 32307->32308 32311 ea8469 32308->32311 32309 ea8495 32310 ea717a 41 API calls 32309->32310 32315 ea84a9 32310->32315 32311->32306 32311->32309 32313 ea84b8 GetLastError 32314 ea8573 32313->32314 32313->32315 32314->32306 32315->32313 32315->32314 32317 ea851c 32315->32317 32325 ea8399 57 API calls 2 library calls 32315->32325 32317->32314 32326 ea7267 41 API calls 32317->32326 32327 ea838a CreateDirectoryW 32317->32327 32320 ec0b18 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 32319->32320 32321 ed90fe 32320->32321 32321->32321 32322->32294 32323->32301 32324->32307 32325->32315 32326->32317 32327->32317 32329 ea8b23 32328->32329 32330 ea8b27 32328->32330 32329->32087 32380 ea85c6 63 API calls 2 library calls 32330->32380 32332 ea8b2f 32332->32087 32334 ea71a5 41 API calls 32333->32334 32335 ea8922 32334->32335 32336 ec0b18 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 32335->32336 32337 ea8944 32336->32337 32337->32101 32338 ea73a8 32337->32338 32339 ea73b7 32338->32339 32381 ea6f6f 32339->32381 32341 ea73c1 32341->32093 32392 ed9136 32342->32392 32344 ea8952 GetCurrentThreadId GetTickCount GetCurrentProcessId 32350 ea897f 32344->32350 32345 ea8a71 32404 ec0e4e 32345->32404 32348 ea89be GetTickCount 32349 ea7108 41 API calls 32348->32349 32349->32350 32350->32345 32351 ea82c4 41 API calls 32350->32351 32356 ea8a01 SetLastError 32350->32356 32362 ea8a21 GetLastError 32350->32362 32364 ea8a49 32350->32364 32393 ea6df9 32350->32393 32397 ea93c0 32350->32397 32403 ea838a CreateDirectoryW 32350->32403 32351->32350 32352 ea8a76 __EH_prolog3 32353 ea8b1b 63 API calls 32352->32353 32355 ea8a8a 32353->32355 32357 ea70e4 41 API calls 32355->32357 32375 ea8afc std::locale::locale 32355->32375 32356->32350 32358 ea8aa4 32357->32358 32359 ea88de 42 API calls 32358->32359 32361 ea8ab1 32359->32361 32363 ea73a8 41 API calls 32361->32363 32361->32375 32362->32350 32365 ea8ac2 32363->32365 32368 ed90f4 5 API calls 32364->32368 32366 ea6dd7 41 API calls 32365->32366 32367 ea8aca 32366->32367 32370 ea8946 66 API calls 32367->32370 32369 ea8a61 32368->32369 32369->32097 32371 ea8ae2 32370->32371 32372 ea7204 41 API calls 32371->32372 32371->32375 32373 ea8af1 32372->32373 32374 ea82c4 41 API calls 32373->32374 32374->32375 32375->32097 32377 ea82d1 32376->32377 32378 ea741c 41 API calls 32377->32378 32379 ea82d9 32378->32379 32379->32101 32380->32332 32382 ea6fbc 
32381->32382 32383 ea6f86 32381->32383 32382->32341 32384 ea6fc3 32383->32384 32385 ea6fb1 32383->32385 32386 ec4f11 std::_Xinvalid_argument RaiseException 32384->32386 32389 ea6e4e 32385->32389 32388 ea6fd8 32386->32388 32390 ec0c5c 41 API calls 32389->32390 32391 ea6e70 32390->32391 32391->32382 32392->32344 32394 ea6e08 32393->32394 32407 ea6d70 32394->32407 32396 ea6e12 32396->32348 32398 ea93cc __EH_prolog3 32397->32398 32416 ea83fd 32398->32416 32402 ea93e5 std::locale::locale 32402->32350 32403->32350 32511 ec0e5a IsProcessorFeaturePresent 32404->32511 32408 ea6dba 32407->32408 32409 ea6d87 32407->32409 32408->32396 32410 ea6dc1 32409->32410 32411 ea6db2 32409->32411 32412 ec4f11 std::_Xinvalid_argument RaiseException 32410->32412 32415 ea6cf0 41 API calls ctype 32411->32415 32414 ea6dd6 32412->32414 32415->32408 32417 ea840c 32416->32417 32418 ea70e4 41 API calls 32417->32418 32419 ea8414 32418->32419 32420 ea8f6e 32419->32420 32421 ea8f7a __EH_prolog3 32420->32421 32422 ea7108 41 API calls 32421->32422 32425 ea912d 32421->32425 32423 ea8fb2 32422->32423 32424 ea7108 41 API calls 32423->32424 32433 ea8fc0 32424->32433 32426 ea91bc 32425->32426 32427 ea9173 32425->32427 32430 ea91da 32426->32430 32431 ea920d 32426->32431 32436 ea91df 32426->32436 32499 ea8f5c GetFileAttributesW 32427->32499 32429 ea917a 32429->32436 32437 ea918e 32429->32437 32501 ea8f5c GetFileAttributesW 32430->32501 32431->32436 32502 ea9353 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 32431->32502 32441 ea8ffe 32433->32441 32487 ea741c 32433->32487 32472 ea90c8 std::locale::locale 32436->32472 32478 ea8d20 32436->32478 32438 ea71a5 41 API calls 32437->32438 32439 ea91a6 32438->32439 32500 ea9353 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 32439->32500 32440 ea92cf 32440->32472 32506 ea9353 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 32440->32506 32442 ea9046 32441->32442 32453 ea9024 32441->32453 32445 ea8f6e 54 API 
calls 32442->32445 32448 ea9051 32445->32448 32446 ea9245 32449 ea9249 32446->32449 32450 ea9257 32446->32450 32448->32425 32451 ea9044 32448->32451 32452 ea71a5 41 API calls 32449->32452 32454 ea7108 41 API calls 32450->32454 32491 ea8c03 41 API calls 2 library calls 32451->32491 32452->32472 32453->32451 32460 ea7204 41 API calls 32453->32460 32456 ea9260 32454->32456 32503 ea7d4f 41 API calls 32456->32503 32457 ea9073 32492 ea933a 41 API calls 32457->32492 32460->32451 32461 ea926c 32504 ea8b4a 41 API calls 32461->32504 32463 ea9275 32466 ea8d20 43 API calls 32463->32466 32465 ea90fd SetLastError 32465->32472 32469 ea9287 32466->32469 32471 ea92f1 32469->32471 32505 ea8f5c GetFileAttributesW 32469->32505 32470 ea92a7 32470->32436 32470->32471 32473 ea71a5 41 API calls 32471->32473 32472->32402 32473->32472 32474 ea907f 32474->32465 32474->32472 32475 ea90ca 32474->32475 32493 ea8b54 CharUpperW 32474->32493 32494 ea933a 41 API calls 32474->32494 32495 ea8f0b 48 API calls 32474->32495 32496 ea73e4 32475->32496 32507 ea8d01 32478->32507 32481 ea8d4e FindFirstFileW 32482 ea8d6c 32481->32482 32483 ea8d61 32481->32483 32485 ec0b18 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 32482->32485 32510 ea8ca9 41 API calls 32483->32510 32486 ea8d83 32485->32486 32486->32440 32488 ea742e 32487->32488 32489 ea6f6f 41 API calls 32488->32489 32490 ea7438 32489->32490 32490->32441 32491->32457 32492->32474 32493->32474 32494->32474 32495->32474 32497 ea6f6f 41 API calls 32496->32497 32498 ea73f6 32497->32498 32498->32472 32499->32429 32500->32472 32501->32436 32502->32446 32503->32461 32504->32463 32505->32470 32506->32472 32508 ea8d09 FindClose 32507->32508 32509 ea8d15 32507->32509 32508->32509 32509->32481 32509->32482 32510->32482 32512 ec0e6f 32511->32512 32515 ec0d2c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 32512->32515 32514 ec0e58 32514->32352 32515->32514 32516->32122 32517->32122 32518->32122 32520 eba0c8 
__EH_prolog3 32519->32520 32521 ea70e4 41 API calls 32520->32521 32522 eba0d5 32521->32522 32523 ea70e4 41 API calls 32522->32523 32524 eba0e1 32523->32524 32587 eb9935 32524->32587 32526 eba0f5 32527 ea70e4 41 API calls 32526->32527 32528 eba104 std::locale::locale 32527->32528 32528->32129 32530 eba147 __EH_prolog3 32529->32530 32531 ea70e4 41 API calls 32530->32531 32532 eba175 32531->32532 32533 ea70e4 41 API calls 32532->32533 32534 eba181 32533->32534 32535 ea70e4 41 API calls 32534->32535 32536 eba18d 32535->32536 32537 ea70e4 41 API calls 32536->32537 32538 eba1a1 32537->32538 32599 eb9a8a 32538->32599 32540 eba1ad 32541 ea70e4 41 API calls 32540->32541 32542 eba1bc std::locale::locale 32541->32542 32542->32137 32544 eb9d41 __EH_prolog3 32543->32544 32545 ea83fd 41 API calls 32544->32545 32546 eb9d4e 32545->32546 32547 ea8f6e 55 API calls 32546->32547 32548 eb9d6a 32547->32548 32549 eb9d6e 32548->32549 32551 eb9d8d 32548->32551 32699 ea7320 41 API calls 32549->32699 32614 eb6f0d 32551->32614 32554 ea7204 41 API calls 32555 eb9dcd 32554->32555 32618 eb8643 32555->32618 32557 eb9de9 32558 eb9e08 32557->32558 32559 eb9df3 32557->32559 32561 ea717a 41 API calls 32558->32561 32700 ea7320 41 API calls 32559->32700 32562 eb9e14 32561->32562 32563 ea8421 59 API calls 32562->32563 32564 eb9e2f 32563->32564 32565 eb9e5e 32564->32565 32566 eb9e36 32564->32566 32642 ea713a 32565->32642 32701 eb8c3a 43 API calls 2 library calls 32566->32701 32569 eb9e6b 32646 eb92f3 32569->32646 32570 eb9e3f 32571 ea7204 41 API calls 32570->32571 32572 eb9d7e std::locale::locale 32571->32572 32572->32152 32574 eb9e8e 32652 eac7d5 32574->32652 32655 eac23a 32574->32655 32578 eba11a 32577->32578 33502 eb9982 15 API calls Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock 32578->33502 33503 ea661c 32583->33503 32586->32152 32588 eb9941 __EH_prolog3 32587->32588 32589 ea70e4 41 API calls 32588->32589 32590 eb996e 32589->32590 32593 eb6f57 32590->32593 32592 eb997a 
std::locale::locale 32592->32526 32594 eb6f63 __EH_prolog3 32593->32594 32595 ea70e4 41 API calls 32594->32595 32596 eb6f84 32595->32596 32597 ea70e4 41 API calls 32596->32597 32598 eb6f8f std::locale::locale 32597->32598 32598->32592 32600 eb9a96 __EH_prolog3 32599->32600 32601 ea70e4 41 API calls 32600->32601 32602 eb9ab6 32601->32602 32612 eb9a58 InitializeCriticalSection 32602->32612 32604 eb9ad2 32613 eb99c0 GetLastError CreateEventW 32604->32613 32606 eb9ae6 32607 eb9aea std::locale::locale 32606->32607 32608 ec4f11 std::_Xinvalid_argument RaiseException 32606->32608 32607->32540 32609 eb9b07 32608->32609 32610 ea7204 41 API calls 32609->32610 32611 eb9b19 32610->32611 32611->32540 32612->32604 32613->32606 32615 eb6f23 32614->32615 32616 ea70e4 41 API calls 32615->32616 32617 eb6f40 32616->32617 32617->32554 32619 eb864f __EH_prolog3 32618->32619 32620 ec0cd9 std::_Facet_Register 41 API calls 32619->32620 32621 eb8664 32620->32621 32702 eb6cb7 32621->32702 32623 eb8672 32624 ea70e4 41 API calls 32623->32624 32625 eb8692 32624->32625 32626 ea70e4 41 API calls 32625->32626 32627 eb869e 32626->32627 32628 eb86df 32627->32628 32629 eb86af 32627->32629 32798 eb5b24 41 API calls 32628->32798 32710 ea8895 32629->32710 32631 eb86d4 32636 eb86da 32631->32636 32726 eb8087 32631->32726 32633 eb86c5 32716 eb5a9e 32633->32716 32637 eab92d 15 API calls 32636->32637 32638 eb8799 std::locale::locale 32637->32638 32638->32557 32640 eb870a Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock 32640->32636 32799 ea70a2 32640->32799 32803 ea68cc 41 API calls 32640->32803 32643 ea714c 32642->32643 32644 ea6ef5 41 API calls 32643->32644 32645 ea7156 32644->32645 32645->32569 32647 eb9304 32646->32647 32648 ea7204 41 API calls 32647->32648 32649 eb9316 32648->32649 32650 ea7204 41 API calls 32649->32650 32651 eb933e 32650->32651 32651->32574 32653 eab92d 15 API calls 32652->32653 32654 eac7e0 32653->32654 32659 eac27e 32655->32659 32656 eab92d 15 API calls 32657 

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBDF9D: GetVersionExW.KERNEL32(?), ref: 00EBDFC1
                                                                                                                                                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00EBEEBD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CommandLineVersion
                                                                                                                                                                                                                                                                                    • String ID: $%%T$<$BeginPrompt$Can't load config info$Cannot create temp folder archive$Cannot load codecs$Cannot open file$Config failed$D$ExecuteFile$ExecuteParameters$Install path is incorrect$InstallPath$Progress$RunProgram$Title$Unsupported Windows version$yes
                                                                                                                                                                                                                                                                                    • API String ID: 3524817977-283479591
                                                                                                                                                                                                                                                                                    • Opcode ID: 6911b59c445c9676ea600961534d13b0d4168dd177cfde08faf3843c237ab92f
                                                                                                                                                                                                                                                                                    • Instruction ID: f6983202159ab6df0c11708578d768ba4ce83c4cdfdaaccea92b0cb30fae4648
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6911b59c445c9676ea600961534d13b0d4168dd177cfde08faf3843c237ab92f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C612457111C3409BD724FB60DC91AEFB3E4AF96308F44692EF18676192EF70A909CB52
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8D01: FindClose.KERNEL32(?,?,00EA8D4A,?,00000000,?), ref: 00EA8D0B
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(00000001,?,?,00000000,?), ref: 00EA8D54
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 53c89b1f1b45c9581f6b3ef6a79d846b4d1b8d7b1ec8683e7621e0dac657c9ba
                                                                                                                                                                                                                                                                                    • Instruction ID: 651605f74b7940c55a31a477b306ab1de51694a1252ef332f96ddabcd901105a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53c89b1f1b45c9581f6b3ef6a79d846b4d1b8d7b1ec8683e7621e0dac657c9ba
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19F0C2321046048BC220EF249D458EBB3DCEB9A320F101A1AA8A5AB2D1EB31AD09C791

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ED7005: CreateFileW.KERNELBASE(00000000,00000000,?,00ED7367,?,?,00000000,?,00ED7367,00000000,0000000C), ref: 00ED7022
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00ED73D2
                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00ED73D9
                                                                                                                                                                                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 00ED73E5
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00ED73EF
                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00ED73F8
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00ED7418
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00ED7565
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00ED7597
                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00ED759E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                    • String ID: TP
                                                                                                                                                                                                                                                                                    • API String ID: 4237864984-3029302127
                                                                                                                                                                                                                                                                                    • Opcode ID: 35f67bb649c108af63e77ba7d337d7b9379bb83102248fd477c2c90241d88810
                                                                                                                                                                                                                                                                                    • Instruction ID: b760f7a87d8cdcd52b672334eb1ce61d7584c81d7f52698839a67a1cc682afc6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35f67bb649c108af63e77ba7d337d7b9379bb83102248fd477c2c90241d88810
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CA11632A081559FCF19AF68DC92BAE3BA1EB46324F14114EF851BF391EB358817CB51

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00EA894D
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00EA8958
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00EA8963
                                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000018,00EBF181), ref: 00EA8970
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00EA89BE
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(000000B7,?,00000018,00EBF181), ref: 00EA8A06
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA838A: CreateDirectoryW.KERNELBASE(00000000,00000000,00EB9462,?,0000000C,00EB96CF,?,?), ref: 00EA838D
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000018,00EBF181), ref: 00EA8A21
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EA8A7E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CountCurrentErrorLastTick$CreateDirectoryH_prolog3H_prolog3_ProcessThread
                                                                                                                                                                                                                                                                                    • String ID: 7zS
                                                                                                                                                                                                                                                                                    • API String ID: 2326608673-4191664949
                                                                                                                                                                                                                                                                                    • Opcode ID: 9c933464c18ade36185b5c6e0e44e8e9d72e76c3bbf3ce07b7946cac8e6e7d10
                                                                                                                                                                                                                                                                                    • Instruction ID: 72e3deddfe1e6d6f0a5b05f7a85ba569ce0c090025ef663410480349640e1ce9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c933464c18ade36185b5c6e0e44e8e9d72e76c3bbf3ce07b7946cac8e6e7d10
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C941A031A002048BCF14FBB0DA966ED77F1EF5B344F15246AF442BB292DE316E4AC661

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 00EAA478
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00EAA47F
                                                                                                                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 00EAA48D
                                                                                                                                                                                                                                                                                    • GlobalMemoryStatus.KERNEL32(?), ref: 00EAA4B4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: GlobalMemoryStatus$AddressHandleModuleProc
                                                                                                                                                                                                                                                                                    • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                                                                                                                    • API String ID: 180289352-802862622
                                                                                                                                                                                                                                                                                    • Opcode ID: 998a9d422d02d416d2b42f5718fb14c5b3d18336f59972ad8d06a35d1b5a22e3
                                                                                                                                                                                                                                                                                    • Instruction ID: 1691c78da4964f375968d38508d477aa69197c2259d03468f5829e9525b1fd6b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 998a9d422d02d416d2b42f5718fb14c5b3d18336f59972ad8d06a35d1b5a22e3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C115770900309EFCB10DFA1D949A9EBBF4AF08304F209429E515BB290DB75A909CB54

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 0-3907804496
                                                                                                                                                                                                                                                                                    • Opcode ID: 5d2372904c7a4c8f88cf6b3238e4c59566d81466c602d7c7d98e365131e3974f
                                                                                                                                                                                                                                                                                    • Instruction ID: 29e895c5d3ddbe003cf8260e1015ad4d79efba480c96366d681d2c559191230b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d2372904c7a4c8f88cf6b3238e4c59566d81466c602d7c7d98e365131e3974f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAB10270A042499FDB05DFA8CA81FAD7BB6AF49308F14516EE510BB392C772D947CB60

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,67A2E0D3,?,00ECCCF0,?,?,00000000), ref: 00ECCCA2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                    • Opcode ID: c51b1268c3830b162d329c853f7a72e2cda47f7e6589292c375c0e5326551634
                                                                                                                                                                                                                                                                                    • Instruction ID: efad3179985d09f7b590a939fa6815e8caeaa393cd3039aad8116b8c270f8feb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c51b1268c3830b162d329c853f7a72e2cda47f7e6589292c375c0e5326551634
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76210571A01211ABCB219B65EE85F5AB758DB417A4B312119F81DBB290D631ED07C6E0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EBC928
                                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00EBC932
                                                                                                                                                                                                                                                                                    • int.LIBCPMT ref: 00EBC949
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBA795: std::_Lockit::_Lockit.LIBCPMT ref: 00EBA7A6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBA795: std::_Lockit::~_Lockit.LIBCPMT ref: 00EBA7C0
                                                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00EBC989
                                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00EBC9AF
                                                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00EBC9BC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ee5b748c9fe66c8b43da1f1134c378fddfe1c62433b1df0dfcfb9191bb883d62
                                                                                                                                                                                                                                                                                    • Instruction ID: 0219bd327335e99c76eb8856379a2928149472eb8b782f5ea0704a3c43ff2be8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee5b748c9fe66c8b43da1f1134c378fddfe1c62433b1df0dfcfb9191bb883d62
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6021AC30A041299FCB15EF64C846AEE77E5AF84314F24545DF415BB382EB71AE06C792

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EA8F75
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000002,?,00EA8BF8,?,?,?,?,?,00000050), ref: 00EA90FF
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8D20: FindFirstFileW.KERNELBASE(00000001,?,?,00000000,?), ref: 00EA8D54
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFileFindFirstH_prolog3Last
                                                                                                                                                                                                                                                                                    • String ID: :$DATA$h5
                                                                                                                                                                                                                                                                                    • API String ID: 544173094-1486835412
                                                                                                                                                                                                                                                                                    • Opcode ID: 01fbdeed3502b85160f02d3f0e4a5512bf0195e3a44f72452661a9933cf28baf
                                                                                                                                                                                                                                                                                    • Instruction ID: 92877d78730f928ffb6b4a059164c45946a3c33b7485423e453397e92b73bcde
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01fbdeed3502b85160f02d3f0e4a5512bf0195e3a44f72452661a9933cf28baf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9B19D309041059ACF14EBB4C991AEDB7B1AF2F308F546519E4567F193EF30BA4ACB61

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB9D3C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8F6E: __EH_prolog3.LIBCMT ref: 00EA8F75
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID: Cannot find archive file$Cannot open the file as archive$Default
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-3394896130
                                                                                                                                                                                                                                                                                    • Opcode ID: bd390c14028890f42bc55a2176dd3022c611b4b69bd24a99b9e3eeaecc8ea0ee
                                                                                                                                                                                                                                                                                    • Instruction ID: 545e2470490b8e0386f6182476f113ea26df564217f5fc9ff523e081eb5506e6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd390c14028890f42bc55a2176dd3022c611b4b69bd24a99b9e3eeaecc8ea0ee
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D4140719001049ADF09EFA0CD92BEE77F4AF2A304F5451A9E5467B192EF306A49CBA1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB7DCC
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB7B8F: __EH_prolog3.LIBCMT ref: 00EB7B96
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID: .001$.exe
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-2923188627
                                                                                                                                                                                                                                                                                    • Opcode ID: 8a61aea22074a892d2b183f559bcb4257103eb76fae52732b813c097dec534c1
                                                                                                                                                                                                                                                                                    • Instruction ID: ba2649db13f9e821c642c24d998063c55d88aae62a602b63cccf4697465e06e4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a61aea22074a892d2b183f559bcb4257103eb76fae52732b813c097dec534c1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D7192709002059BCB14FFA0C5929EEB7F9AF5A304F04656DE5427B592DF30BE49CB91

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 1006 ea9605-ea964a SetFilePointer 1007 ea964c-ea9656 GetLastError 1006->1007 1008 ea966d-ea967f 1006->1008 1007->1008 1009 ea9658-ea966b call ea9584 SetLastError 1007->1009 1010 ea9681-ea9690 1008->1010 1009->1010
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?,67A2E0D3,?,?,?,?,?,00ED9BC6,000000FF), ref: 00EA963F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,67A2E0D3,?,?,?,?,?,00ED9BC6,000000FF), ref: 00EA964C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA9584: SetFilePointer.KERNEL32(?,00000000,?,00000001,67A2E0D3,?,?,?,?,?,00ED9BC6,000000FF), ref: 00EA95B8
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA9584: GetLastError.KERNEL32(?,00000000,?,00000001,67A2E0D3,?,?,?,?,?,00ED9BC6,000000FF), ref: 00EA95C5
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,67A2E0D3,?,?,?,?,?,00ED9BC6,000000FF), ref: 00EA9663
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1156039329-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 87c992a68bd8be0f6ff4a47c356d77096b3311cc4c7982e4538a6eb1f642f3bc
                                                                                                                                                                                                                                                                                    • Instruction ID: de143019426d7524929823c3faad3901f3b584ac3dced960448f31b8773a4b47
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87c992a68bd8be0f6ff4a47c356d77096b3311cc4c7982e4538a6eb1f642f3bc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A611C271900109EFCB058F55EC44FAEBBE8FF49324F10862AF811EB350D735AC049A60

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 1013 ec64ce-ec64d9 1014 ec64ef-ec6502 call ec647e 1013->1014 1015 ec64db-ec64ee call ecb5b9 call ec69c7 1013->1015 1020 ec6504-ec6521 CreateThread 1014->1020 1021 ec6530 1014->1021 1024 ec653f-ec6544 1020->1024 1025 ec6523-ec652f GetLastError call ecb55f 1020->1025 1026 ec6532-ec653e call ec63f0 1021->1026 1029 ec654b-ec654f 1024->1029 1030 ec6546-ec6549 1024->1030 1025->1021 1029->1026 1030->1029
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(?,00000000,Function_00026372,00000000,00000000,?), ref: 00EC6517
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00EA6635,00000000,00000000,00EA61F7,?,00000000,?,?,?,?,00EA5394,?,?,00EA5B43,00000000), ref: 00EC6523
                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00EC652A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2744730728-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e2b3e7ef0d9f9d01c5c444aef17d5ea1b7253e687c0e2f03aa80df4a7ccc3294
                                                                                                                                                                                                                                                                                    • Instruction ID: 78eee5d488109f68e2d2efc264443dbe326e81ae65973f16c929b7c0e627e8c1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2b3e7ef0d9f9d01c5c444aef17d5ea1b7253e687c0e2f03aa80df4a7ccc3294
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44018C7250021AAFCF15AFA5EE06FAF7BA5EF40754F10506CB801B6261DB72CA12DB90

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 1033 ec6427-ec6434 call ecc86d 1036 ec6474-ec6477 ExitThread 1033->1036 1037 ec6436-ec643e 1033->1037 1037->1036 1038 ec6440-ec6444 1037->1038 1039 ec644b-ec6451 1038->1039 1040 ec6446 call ecd129 1038->1040 1042 ec645e-ec6464 1039->1042 1043 ec6453-ec6455 1039->1043 1040->1039 1042->1036 1045 ec6466-ec6468 1042->1045 1043->1042 1044 ec6457-ec6458 CloseHandle 1043->1044 1044->1042 1045->1036 1046 ec646a-ec646e FreeLibraryAndExitThread 1045->1046 1046->1036
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC86D: GetLastError.KERNEL32(00000000,?,00ECB5BE,00ECC3D3,?,?,00ECC769,00000001,00000364,?,00000005,000000FF,?,00EC6397,00EE9388,0000000C), ref: 00ECC871
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC86D: SetLastError.KERNEL32(00000000), ref: 00ECC913
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00EC655E,?,?,00EC63D0,00000000), ref: 00EC6458
                                                                                                                                                                                                                                                                                    • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00EC655E,?,?,00EC63D0,00000000), ref: 00EC646E
                                                                                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 00EC6477
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1991824761-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b3f01e92e782335b327020797885b07fb29538a4ee44755fe0a6f4f77f747181
                                                                                                                                                                                                                                                                                    • Instruction ID: 77f89b48eaa5eeb30b2013d9eb73117973e6d34485514a2b2610516f0fed9549
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3f01e92e782335b327020797885b07fb29538a4ee44755fe0a6f4f77f747181
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEF05E30005A056BCB295B7ADE09F2B3BA9BF01768B185718B875F61A2D723DC47C690

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EA8A7E
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA88DE: GetTempPathW.KERNEL32(00000114,?), ref: 00EA890C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8946: __EH_prolog3_GS.LIBCMT ref: 00EA894D
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8946: GetCurrentThreadId.KERNEL32 ref: 00EA8958
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8946: GetTickCount.KERNEL32 ref: 00EA8963
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8946: GetCurrentProcessId.KERNEL32(?,00000018,00EBF181), ref: 00EA8970
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8946: GetTickCount.KERNEL32 ref: 00EA89BE
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8946: SetLastError.KERNEL32(000000B7,?,00000018,00EBF181), ref: 00EA8A06
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CountCurrentTick$ErrorH_prolog3H_prolog3_LastPathProcessTempThread
                                                                                                                                                                                                                                                                                    • String ID: 7zS
                                                                                                                                                                                                                                                                                    • API String ID: 1281145416-4191664949
                                                                                                                                                                                                                                                                                    • Opcode ID: 874765a8bbffcb959426303d27cf27e8a1ef3083cdeffcfdca15fdadcd6069ff
                                                                                                                                                                                                                                                                                    • Instruction ID: 661165126c4743b997cf4adfb97eb7b8c028a7581ac0adb1fcfc1bcca12782bb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 874765a8bbffcb959426303d27cf27e8a1ef3083cdeffcfdca15fdadcd6069ff
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A50152749002048ACF14FBA0C9529EE77F59F5B304F44249AB5417F2D2DF657E09C6A0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3H_prolog3_catch
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1882928916-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 5d284a0809ec6d7170edfb251c94ed8c82dcf92e16c9492412b320158e1219df
                                                                                                                                                                                                                                                                                    • Instruction ID: ec373d3e0154885d04d848c4fca578a5aef7eec77fb4c1d163f081699f5de3e9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d284a0809ec6d7170edfb251c94ed8c82dcf92e16c9492412b320158e1219df
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF918C70A00645ABCB29DBB4C8917EEB7F1AF5E304F10542EE05AFB651EB74B940CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00ECD507
                                                                                                                                                                                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 00ECD519
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileHandleType
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3000768030-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e6b6b56d245952e3f5edfd94c7211787a31db77e06c32c9032ec58356f420365
                                                                                                                                                                                                                                                                                    • Instruction ID: 1291b86c78289df72c48ebc75f3d8ffe9b571da40c553b218c4ba7f2c6604e57
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6b6b56d245952e3f5edfd94c7211787a31db77e06c32c9032ec58356f420365
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1118B7110C751CACB344E3E9E88B22BA94A75633C734172ED1B6A65F1D333E947D540
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00EE9388,0000000C), ref: 00EC6385
                                                                                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 00EC638C
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1611280651-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e8858aa829d951819aaae2c4a7d1f175c0d1f1edd77543092464f11adb18be7c
                                                                                                                                                                                                                                                                                    • Instruction ID: e76cdce9bc56861a79e4b9cbaa07df09236eabc246013e4b195ae1888b292cad
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8858aa829d951819aaae2c4a7d1f175c0d1f1edd77543092464f11adb18be7c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08F0AF709006099FDB10AFB4CA0AF6E3BB4EF80750F20514EF405B72A2CB769903CB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000000,?,00ED2004,?,00000000,?,?,00ED22A5,?,00000007,?,?,00ED289A,?,?), ref: 00ECC30F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00ED2004,?,00000000,?,?,00ED22A5,?,00000007,?,?,00ED289A,?,?), ref: 00ECC31A
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0eaf34195b127e236f714c7218f5f127319366afddf2af79060847fc3904b37a
                                                                                                                                                                                                                                                                                    • Instruction ID: 97548f479423f83707984de9f33452a433f05499cfd28f9b48ef6ebfc51dfd82
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0eaf34195b127e236f714c7218f5f127319366afddf2af79060847fc3904b37a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42E08672101214AFCF112BA6BD49F893BA9DB04795F244055F508FA171C7328843C794
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00EAA427), ref: 00EAA40B
                                                                                                                                                                                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 00EAA412
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1231390398-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,00ECF94C,00000000,CF830579,00EE9870,0000000C,00ECFA08,00EC806C,?), ref: 00ECFABB
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00ECF94C,00000000,CF830579,00EE9870,0000000C,00ECFA08,00EC806C,?), ref: 00ECFAC5
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00EA5411,00000000,?,00EA6576), ref: 00EA65A6
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,00EA53F5,00000020,?,?,00EA5411,00000000,?,00EA6576), ref: 00EA65CD
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB7B96
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB7730: __EH_prolog3.LIBCMT ref: 00EB7737
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2427045233-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EB0A61
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::_Lock::_ReaderScoped_lockScoped_lock::~_Writer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3530792890-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB864A
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB6CB7: __EH_prolog3.LIBCMT ref: 00EB6CBE
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB5A9E: __EH_prolog3.LIBCMT ref: 00EB5AA5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7326e79121bc4fec169fa5c91e78ef63385aefb666e6fe6943122933ea86775f
                                                                                                                                                                                                                                                                                    • Instruction ID: 21115236f09fd2dfe225f4b39910e83f822b5ec34027bab59f428dfc9d286813
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7326e79121bc4fec169fa5c91e78ef63385aefb666e6fe6943122933ea86775f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5417C719002059FCB15EFA0C9919EEB7F8BF1A304F14646EE5427B642EF74BA08CB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 4261a2e6a4db96bba321eee909119014ba9d9a86891163ea8f14b6dc267306aa
                                                                                                                                                                                                                                                                                    • Instruction ID: 72e69a02b623f26cabf728dbd30c64728f5854df6c7dac37c97dcaf326f1b3bd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4261a2e6a4db96bba321eee909119014ba9d9a86891163ea8f14b6dc267306aa
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4031F375600642AFDB15DF30CC80AA5B7A0BF5E354F189269E409AF683DB20FD95CBC0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB9F65
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBA0BC: __EH_prolog3.LIBCMT ref: 00EBA0C3
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBA13B: __EH_prolog3.LIBCMT ref: 00EBA142
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 812a70296fa4a4484fcea25a3c2d054b388d84592ca89983a72a21097854434d
                                                                                                                                                                                                                                                                                    • Instruction ID: 8a89470bc54c2319e4aea20a373d1c0af43b07599a7a7781d7be8e097fe3aa7a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 812a70296fa4a4484fcea25a3c2d054b388d84592ca89983a72a21097854434d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A318D709042999ACF11EFA4C952BDE77F4AF1A304F0890E9F5497B283DB306E45CB62
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ~refcount_ptr
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2759025673-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0005fb896a5b104e09a0b913c1e469301463ae6c56d157f4ad201ef6f73e11e8
                                                                                                                                                                                                                                                                                    • Instruction ID: 4286eae94819563bc95ca49c37da9b089092097a9dd232b70b6c96139f9fe0ba
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0005fb896a5b104e09a0b913c1e469301463ae6c56d157f4ad201ef6f73e11e8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19318DB56007059FCB28CF18C890A6AB7F5FF89314F048A2DE8569B751DB30F905CBA1
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 5c64130900ef5e18ec07641c7a6c8ea4d08e24161c81495888bca584b405fe17
                                                                                                                                                                                                                                                                                    • Instruction ID: 0626ce2348518e5cf2221325fecd87968d64d9a70452b8d1ced6ffc14dce1ea1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c64130900ef5e18ec07641c7a6c8ea4d08e24161c81495888bca584b405fe17
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 020147B1501208668F247775AD22DEF77998E80319B20257DF612F7652FB32C9128291
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: d5e705702b8c1a45605caa1e00ba3e985f7a0e74b15a370d0a82e46dcc2df7d6
                                                                                                                                                                                                                                                                                    • Instruction ID: 980830edfe9c0696fdf220ba445c56ca00e86c77925cda939404fd2258bec414
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5e705702b8c1a45605caa1e00ba3e985f7a0e74b15a370d0a82e46dcc2df7d6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF01D23360025A9F9B128F69ED81F573BA5BB807643351128F51DFF094EB32AD06C650
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8c211fff9e710c4e5dacb2eb83c54a7668696547b50ee1bd3decd66ba7016f49
                                                                                                                                                                                                                                                                                    • Instruction ID: 6e7946e635576c2dcf9f819e1c4cd437171aca8738d8d5ba08232c95331450b1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c211fff9e710c4e5dacb2eb83c54a7668696547b50ee1bd3decd66ba7016f49
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC112A71A0420AAFCF05DF58E94199F7BF5EF48304F04405AF909EB351D631E912CBA5
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 00EBA21D
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC4F11: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 00EC4F71
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionRaisestd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 187513147-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c323180cc9cea3c4d3e0f85515789fa78a412fc9fbaafdf156ad544842486e37
                                                                                                                                                                                                                                                                                    • Instruction ID: a42874c13f5b95e3cf0c35b75f9e61140e8f67d2f9353e7698f37eb462c827d9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c323180cc9cea3c4d3e0f85515789fa78a412fc9fbaafdf156ad544842486e37
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E01D6B050030DB7CF04BAA9FF06EDEB7ECAA10360B506139F924B6592EF72D55686D1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EBCF97
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBD143: __EH_prolog3.LIBCMT ref: 00EBD14A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 74e28972c6db847d019e1deadde6cea589a04895d3ec880bfa6f82bdf4ca2a07
                                                                                                                                                                                                                                                                                    • Instruction ID: ffe8289f8ac2c4be2957348ceb24b53faf2e240bd87cc2f2ce105bbb24c40080
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74e28972c6db847d019e1deadde6cea589a04895d3ec880bfa6f82bdf4ca2a07
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6113970A152069FDB05EF68C886BAEB7F9BF88304F145119F505AB342DBB09A11DB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3_align
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4143553397-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b52753d155a70e35390078770fb0c8cb9062c6476361dd55a70c4d3d11c88697
                                                                                                                                                                                                                                                                                    • Instruction ID: 07b61b687ae49201f75ab599f7e67dd807a17c961c3d18a4325b9825cb8727e1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b52753d155a70e35390078770fb0c8cb9062c6476361dd55a70c4d3d11c88697
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF012C716041145BDF14E754CC52AFF73A59F94300F4891AAB10977292CF34AE898BA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EBDA8C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBAE06: __EH_prolog3_align.LIBCMT ref: 00EBAE12
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3H_prolog3_align
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1633742011-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 185e9a84478b2bdd360ad0b4ceff5a931fb758f1aba9a818f674b36249a895fd
                                                                                                                                                                                                                                                                                    • Instruction ID: 7931e578fa5322109009bed2e40c498f01278df10fde077ebd6d0916e51482b2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 185e9a84478b2bdd360ad0b4ceff5a931fb758f1aba9a818f674b36249a895fd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72016270E0815A9ACF14F7A4CC567EFB7E59F90304F14A565A401B3242EFB48A06C6A2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB5AA5
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA9474: GetLastError.KERNEL32(00EB1CD1,67A2E0D3,?,?,00ED9B8C,000000FF,?,00EB1AE3,?), ref: 00EA9474
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorH_prolog3Last
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 685212868-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA948B: CreateFileW.KERNELBASE(?,?,?,00000000,?,?,00000000,?,?,00EA8BC5,?,00000000,00000001,00000003,02000000), ref: 00EA94AD
                                                                                                                                                                                                                                                                                    • SetFileTime.KERNEL32(?,00000000,000000FF,00000000,?,80000100,?,00000003,00000080), ref: 00EA96FC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$CreateTime
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1043708186-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EBD14A
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBCA91: __EH_prolog3.LIBCMT ref: 00EBCA98
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBCA91: std::_Lockit::_Lockit.LIBCPMT ref: 00EBCAA2
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBCA91: int.LIBCPMT ref: 00EBCAB9
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBCA91: std::_Lockit::~_Lockit.LIBCPMT ref: 00EBCB1F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1538362411-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,00EA128B,?,00EA12CB), ref: 00ECC365
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00EAA032
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocString
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2525500382-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA94C0: CloseHandle.KERNELBASE(?,67A2E0D3,?,00000000,00ED9B8C,000000FF,?,00EA9496,?,?,00EA8BC5,?,00000000,00000001,00000003,02000000), ref: 00EA94EC
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,?,?,00000000,?,?,00EA8BC5,?,00000000,00000001,00000003,02000000), ref: 00EA94AD
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3498533004-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00EA9875
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00EA9743
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EA93C7
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8F6E: __EH_prolog3.LIBCMT ref: 00EA8F75
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00EAFB1C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAF817: __EH_prolog3.LIBCMT ref: 00EAF81E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3H_prolog3_catch
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1882928916-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 58573e0ce5d491fdf7fd0c5e68698e88cffc4b35ecb6328e791f343964aa0a6b
                                                                                                                                                                                                                                                                                    • Instruction ID: 841b22d3b0a0337532e02a6b29d39a673b2a8e4ca0af14fbacae8fe727758b6a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58573e0ce5d491fdf7fd0c5e68698e88cffc4b35ecb6328e791f343964aa0a6b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36E02B714441445ADB25B3B4C8063AC75F09B06304F18A16BE2043E252C7B9F882C33F
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,00000000,?,00ED7367,?,?,00000000,?,00ED7367,00000000,0000000C), ref: 00ED7022
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 911fc01c7b607b865a20452847408065e013a46899e74306c081c43ebd52f2ff
                                                                                                                                                                                                                                                                                    • Instruction ID: 83ad3f8337c18e534b743d5a51aa34e38c5cf4fdbd981526c674d3ac9d2e9402
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 911fc01c7b607b865a20452847408065e013a46899e74306c081c43ebd52f2ff
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23D06C3204010DFFDF028F85EC06EDA3BAAFB48754F114100BA1866020C732E861EB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3_catch
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3886170330-0
                                                                                                                                                                                                                                                                                    • Opcode ID: aaf6ac0291393f63f2b1283f10c447b33fd86c3ec538e58ce53e34cc5a22f6c9
                                                                                                                                                                                                                                                                                    • Instruction ID: 352a8053be52fbb8dd962a4f8c867608f9388a7c8b1ad5a198937019406c11f9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aaf6ac0291393f63f2b1283f10c447b33fd86c3ec538e58ce53e34cc5a22f6c9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65D05EB5504100ABCB00BBB0CC0AB5E76A4EF45312F04A415B2066A253CA34C600D632
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6da0225f0f974b2aedb95c8755f7f98950755fe250522bac64f03d7fed7a45f0
                                                                                                                                                                                                                                                                                    • Instruction ID: 0cd515f2d42eb351e9b41a44d808160969a9af3d80a2ad5db08d32582eb27aa6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6da0225f0f974b2aedb95c8755f7f98950755fe250522bac64f03d7fed7a45f0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3CC01265641201C6DF04B7F469177AC51E0DB40350F50A02AF2057A2C2CE7A06029156
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetFileTime.KERNELBASE(?,00000000,00000000,?), ref: 00EA9833
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileTime
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1425588814-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e34d555dcb318dbdcd6d7d58b2656a675025c2ef7eec299b844fa8207a05f57b
                                                                                                                                                                                                                                                                                    • Instruction ID: 6bcae73fd7805e41a412295710329ceee3e173f70ac96a37322c4f9a1f8d4540
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e34d555dcb318dbdcd6d7d58b2656a675025c2ef7eec299b844fa8207a05f57b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AC08C31280308EBCF006FA1AC06F1B7F9AAB46B00F20801AFA00292A099726830A624
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00EB08BC
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB08EA: Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EB0A61
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::_H_prolog3_catchLock::_ReaderScoped_lockScoped_lock::~_Writer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1114368199-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00EA92A7,00000000,?,?,?,00000050,00EA8BF8,?,00000001), ref: 00EA8F5D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,00000000,00EB9462,?,0000000C,00EB96CF,?,?), ref: 00EA838D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4241100979-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(00000000,00000000,00EA85B2,?,00EB974F,00000000,00000000,?), ref: 00EA8371
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(00000000,00EBDF7B,67A2E0D3), ref: 00EA87BA
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1611563598-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(67A2E0D3,?,?,?,00ED9BA9,000000FF), ref: 00EB193A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6c0ac1f50f45a31d7ce036f09c4072d3bbe5f46d5a7a9b00f88e3f7dac5de4b9
                                                                                                                                                                                                                                                                                    • Instruction ID: ab30134987344fbb88a7bce66d36e5c9a582893e91fcd12ffb9a98635e78b893
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c0ac1f50f45a31d7ce036f09c4072d3bbe5f46d5a7a9b00f88e3f7dac5de4b9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F11AD7160424AEFDF14CF55DC60BAB73B9FB85368F10456AE816BB250D730A900CB60
APIs
• CloseHandle.KERNELBASE(?,67A2E0D3,?,00000000,00ED9B8C,000000FF,?,00EA9496,?,?,00EA8BC5,?,00000000,00000001,00000003,02000000), ref: 00EA94EC
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: dd36c538b439b0a19b21e66dad5b5f9046f97321a331a71f0d30271a4bb3500f
• Instruction ID: 1b3bb21831c655ca1d6ef77a52aa0da0d005ba5033284991cc8852d82a58bb16
• Opcode Fuzzy Hash: dd36c538b439b0a19b21e66dad5b5f9046f97321a331a71f0d30271a4bb3500f
• Instruction Fuzzy Hash: DCF0A731504646EFC7208F19DC81B52B7E8F70EB34F10072AE872E72D0E7396801CA40
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00EA12E9), ref: 00EA12A6
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 1c4ed89bda4fcb3deabed68d9bef8ef8111f5397783b03f89fc0bc1ffc26e757
• Instruction ID: 88e70b8471c0f8d1e8c7fd03fa071ced437dc22d4f3c5f399e0c62f200f3e663
• Opcode Fuzzy Hash: 1c4ed89bda4fcb3deabed68d9bef8ef8111f5397783b03f89fc0bc1ffc26e757
• Instruction Fuzzy Hash: 7AB092B03A220169FE6803669D0AB6612018784B9BF101498B305E80D4E6D0A400A028
APIs
• VirtualFree.KERNELBASE(?,00000000,00008000,00EA12F8), ref: 00EA12B9
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
• Opcode ID: a8275eb378982547cd91fb9290cff9be1dc19f10246e2667f2ee3fd6a6ae2341
• Instruction ID: fe8cb453f6f4e58cd947a9b3afccbf831c3e946240bb59cf21e4916dd4fcd897
• Opcode Fuzzy Hash: a8275eb378982547cd91fb9290cff9be1dc19f10246e2667f2ee3fd6a6ae2341
• Instruction Fuzzy Hash: 3EB0123024220165EE3803111C09B1531056700B05F3441483501FC0D04550E0049514
APIs
• GetVersion.KERNEL32 ref: 00EA1C6A
• GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00EA1C80
• GetProcAddress.KERNEL32(00000000), ref: 00EA1C87
• GetSystemDirectoryW.KERNEL32(?,00000106), ref: 00EA1CAC
• LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00EA1D2D
Strings
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemVersion
• String ID: SetDefaultDllDirectories$kernel32.dll$userenv
• API String ID: 2515194075-1199472412
• Opcode ID: 71c6bd66dc276cd9cdf0c1ed873c12db28eab0c73c8e8a87875d9cce574c968b
• Instruction ID: 105cbb2f060401103796a8ab57ab0f906ee6411d6b48aed7a997121a1ac44a51
• Opcode Fuzzy Hash: 71c6bd66dc276cd9cdf0c1ed873c12db28eab0c73c8e8a87875d9cce574c968b
• Instruction Fuzzy Hash: 7A21063120034ADBD721EBB9A919BA6F3B4EF09749F206997E944FF190E7709D48C790
APIs
• GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 00ED3949
• GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 00ED3972
• GetACP.KERNEL32 ref: 00ED3987
Strings
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
APIs
  • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
  • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
• GetUserDefaultLCID.KERNEL32 ref: 00ED3B94
• IsValidCodePage.KERNEL32(00000000), ref: 00ED3BD2
• IsValidLocale.KERNEL32(?,00000001), ref: 00ED3BE5
• GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00ED3C2D
• GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00ED3C48
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
• String ID:
• API String ID: 415426439-0
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: H_prolog3
• String ID: g$g
• API String ID: 431132790-2456562930
APIs
• FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00ED008C
• FindNextFileW.KERNEL32(00000000,?), ref: 00ED0180
• FindClose.KERNEL32(00000000), ref: 00ED01BF
• FindClose.KERNEL32(00000000), ref: 00ED01F2
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: Find$CloseFile$FirstNext
• String ID:
• API String ID: 1164774033-0
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00EC1636
• IsDebuggerPresent.KERNEL32 ref: 00EC1702
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EC171B
• UnhandledExceptionFilter.KERNEL32(?), ref: 00EC1725
Memory Dump Source
• Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00EE9C38,00000002,?,?,00EBE2A0,?,?,?,?,?,00EE9C38), ref: 00EC23B2
                                                                                                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,?,00EE9C38,?,00000000,00000000,?,?,?,00EBE2A0,?,?,?,?,?), ref: 00EC23D9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                                                                                                    • String ID: !x-sys-default-locale
                                                                                                                                                                                                                                                                                    • API String ID: 4235545615-2729719199
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00ED3588
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00ED35D2
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00ED3698
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 661929714-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00EC68C3
                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00EC68CD
                                                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00EC68DA
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: yN$yN
                                                                                                                                                                                                                                                                                    • API String ID: 0-2724679315
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EAF043
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAED62: __EH_prolog3.LIBCMT ref: 00EAED69
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                    • Opcode ID: d29e5124b5605b2a83c7b19fd0292b55abff690635a32b5e0e3dbe634966200f
                                                                                                                                                                                                                                                                                    • Instruction ID: 6e54ea7c665a8792a64e57877c736d70afa47d6c8d0c4cebf72a857487de4a7e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d29e5124b5605b2a83c7b19fd0292b55abff690635a32b5e0e3dbe634966200f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B222B70D042198BCF15EFA4C891AEEB7F5AF9E304F149069E44ABF252DB306D45CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,00ED5557,?,?,?,?,?,?,00000000), ref: 00ED5789
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 48e0b4971d775cdb78946909030e219d3afa1c1181285c4ce8d3a6e675b061d0
                                                                                                                                                                                                                                                                                    • Instruction ID: c629442f4edc827e2495b2ad240f61e760c254dd02a2c538f68c4189f38fb212
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 48e0b4971d775cdb78946909030e219d3afa1c1181285c4ce8d3a6e675b061d0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACB15F36510A08CFD719CF28C486B647BE0FF45368F65965AE8A9DF3A1C735D982CB40
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EC1460
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b59e8675e3db4b820e80aa23e558e3e53326c094f96c03d41086a53df318173e
                                                                                                                                                                                                                                                                                    • Instruction ID: 563d8874a00e4cb56599e5fab5321c9c98d22e0bb90ffed34452a69225b73554
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b59e8675e3db4b820e80aa23e558e3e53326c094f96c03d41086a53df318173e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B519EB1A002098FDB24CF69D981BAEBBF1FB89304F2495ADE415FB251E3769D05CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00ED37DB
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e2cbc380878c381141219b72324cef8269da2ead8255f273da435a5c1250b728
                                                                                                                                                                                                                                                                                    • Instruction ID: 09af79d9c58105036481bb07dc7d1031c2b7a57c104d0faeefdb9a75318f7eed
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2cbc380878c381141219b72324cef8269da2ead8255f273da435a5c1250b728
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A221D076611206AFDB289B35DC41ABB33A8EF04304B10107BF805F7281EB75EE02DA51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00ED3534,00000001), ref: 00ED3480
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 4d318bc376e824668f8f4aa33a2795ac2119beabe422aa7a15a88832e8252cb7
                                                                                                                                                                                                                                                                                    • Instruction ID: 8157945acd898869eb70ef2b89d5d0b899d4756f00dd9802de5a96094a7562b2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d318bc376e824668f8f4aa33a2795ac2119beabe422aa7a15a88832e8252cb7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE11C63A6007055FDB189F39D89157ABB92FF80368B14442EE59657740D375AA43CB40
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00ED3750,00000000,00000000,?), ref: 00ED39E2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00ED3787,00000001), ref: 00ED34F3
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECAAC4: EnterCriticalSection.KERNEL32(?,?,00ECC3F4,?,00EE96F0,00000008,00ECC5B8,?,?,?), ref: 00ECAAD3
                                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(Function_0002CA07,00000001,00EE9770,0000000C,00ECCE1F,?), ref: 00ECCA4C
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00ED331C,00000001), ref: 00ED33FA
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: GetLastError.KERNEL32(?,?,00EC6397,00EE9388,0000000C), ref: 00ECC720
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC71C: SetLastError.KERNEL32(00000000), ref: 00ECC7C2
                                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00ED331C,00000001), ref: 00ED33FA
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00ECA5DE,?,20001004,00000000,00000002,?,?,00EC9BD0), ref: 00ECCF57
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAA406: GetCurrentProcess.KERNEL32(?,?,00EAA427), ref: 00EAA40B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAA406: GetProcessAffinityMask.KERNEL32(00000000), ref: 00EAA412
                                                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 00EAA43F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$AffinityCurrentInfoMaskSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3251479945-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000217C3,00EC1237), ref: 00EC17BC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterErrorLastLeaveObjectSingleWait
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1001467830-0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00EC2728
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00EC2736
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00EC2747
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00EC2758
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                    • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                                                                    • API String ID: 667068680-1247241052
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00EC561E
                                                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00EC572C
                                                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00EC587E
                                                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00EC5899
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00EC2D67
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00EC2D6F
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00EC2DF8
                                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00EC2E23
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00EC2E78
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: =2$csm
                                                                                                                                                                                                                                                                                    • API String ID: 1170836740-722315007
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00EC2581
                                                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00EC25AD
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00EC25EC
                                                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EC2609
                                                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00EC2648
                                                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00EC2665
                                                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EC26A7
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00EC26CA
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2040435927-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EBA68D
                                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00EBA699
                                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EBA6E0
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC1E15: _Yarn.LIBCPMT ref: 00EC1E34
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC1E15: _Yarn.LIBCPMT ref: 00EC1E58
                                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00EBA722
                                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00EBA75A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: std::_$Locinfo::_LockitYarn$H_prolog3Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                                                    • API String ID: 2469272659-1405518554
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00EA8DDB
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FindFirstStreamW), ref: 00EA8DE9
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FindNextStreamW), ref: 00EA8DFA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                    • String ID: FindFirstStreamW$FindNextStreamW$kernel32.dll
                                                                                                                                                                                                                                                                                    • API String ID: 667068680-4044117955
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • std::_Is_slash_oper::operator.LIBCPMT ref: 00EBE57B
                                                                                                                                                                                                                                                                                    • std::_Is_slash_oper::operator.LIBCPMT ref: 00EBE594
                                                                                                                                                                                                                                                                                    • std::_Is_slash_oper::operator.LIBCPMT ref: 00EBE5A7
                                                                                                                                                                                                                                                                                    • std::_Is_slash_oper::operator.LIBCPMT ref: 00EBE5B5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Is_slash_oper::operatorstd::_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2479866829-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00EC5188,00EC33E9,00EC1807), ref: 00EC519F
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EC51AD
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EC51C6
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00EC5188,00EC33E9,00EC1807), ref: 00EC5218
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EBCA98
                                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00EBCAA2
                                                                                                                                                                                                                                                                                    • int.LIBCPMT ref: 00EBCAB9
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBA795: std::_Lockit::_Lockit.LIBCPMT ref: 00EBA7A6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EBA795: std::_Lockit::~_Lockit.LIBCPMT ref: 00EBA7C0
                                                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00EBCAF9
                                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00EBCB1F
                                                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00EBCB2C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 89465226a1dd147bb833b588cae18fec61aebc2404d8a9670a5e4ca4b78e42eb
                                                                                                                                                                                                                                                                                    • Instruction ID: 46c4873751731d4d684e5fbae2d0175ea53824c6340edd2c163b496f730376a5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89465226a1dd147bb833b588cae18fec61aebc2404d8a9670a5e4ca4b78e42eb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C811793190812A9FCB15EBA0C856AFF77B5BF40314F252959F0157B292EF349A06C792
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ECEA44
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ECEB4B
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ECEB5E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: }$}
                                                                                                                                                                                                                                                                                    • API String ID: 885266447-1924074795
                                                                                                                                                                                                                                                                                    • Opcode ID: 7cd7175b7c8caa07f00fd258e3779e8faaf9a3c4f07af38ff5a8a42e013e8a8f
                                                                                                                                                                                                                                                                                    • Instruction ID: ec181715bba930145ff7369dd179c453a140055200882f34bd75fab7799ebbb7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cd7175b7c8caa07f00fd258e3779e8faaf9a3c4f07af38ff5a8a42e013e8a8f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D516F71A00249EFCF24CF98CA81EEEBBB6EB88314F149159E855B7351D231DE42CB50
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe, xrefs: 00ECB865
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe
                                                                                                                                                                                                                                                                                    • API String ID: 0-811367275
                                                                                                                                                                                                                                                                                    • Opcode ID: 3642e91e2ff72d32b16b9d97f72a0779b1f7c653a419dbd74f8a760f33662aef
                                                                                                                                                                                                                                                                                    • Instruction ID: 1b9dad3d25101aee4e4fab15f551abc36907350e5b4d7e885394248c4d1f02f4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3642e91e2ff72d32b16b9d97f72a0779b1f7c653a419dbd74f8a760f33662aef
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65219272A00209AFDB10AF61DE82EAA77ADEF94368F10551DF925F7151D732EC1287A0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,67A2E0D3,?,?,00000000,00ED9BA9,000000FF,?,00EC8588,00000002,?,00EC855C,00ECB51B), ref: 00EC85E1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EC85F3
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,00ED9BA9,000000FF,?,00EC8588,00000002,?,00EC855C,00ECB51B), ref: 00EC8615
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                    • Opcode ID: 2d190b88e25a2bf539636a8832e4f495c7b544fb9df1bc5a782015c19d030b0c
                                                                                                                                                                                                                                                                                    • Instruction ID: 8bc7e17423b942dc31f49e5af9ba5b2a06dada6ca3f2de18560d748f4bb03f6c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d190b88e25a2bf539636a8832e4f495c7b544fb9df1bc5a782015c19d030b0c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD01F731914659EFCB118B41DD08FAFBBB8FB04B54F00062AF821B22A0DB759804CA94
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00ED4BF7
                                                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00ED4CC0
                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00ED4D27
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECC333: RtlAllocateHeap.NTDLL(00000000,?,?,?,00EA128B,?,00EA12CB), ref: 00ECC365
                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00ED4D3A
                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00ED4D47
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1423051803-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 346a4e842ffa7a7ddeb50a6dcbb4adac8d0ddece0d04fb8e47847a98e135695f
                                                                                                                                                                                                                                                                                    • Instruction ID: 527c05b2288257a69e758ae922f7a6799553969d52f1454ec656ee0135c391dc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 346a4e842ffa7a7ddeb50a6dcbb4adac8d0ddece0d04fb8e47847a98e135695f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA51D7B150010AAFEB119E60DC85EAB76AADF54714F19142EFD08FB280E771CC53C661
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EA85CD
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8F6E: __EH_prolog3.LIBCMT ref: 00EA8F75
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(0000010B,00000000,00000000,0000005C,00EA8B2F,?,00EBDED5,67A2E0D3,?,?,?,00ED9BA9,000000FF), ref: 00EA860A
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,0000005C,00EA8B2F,?,00EBDED5,67A2E0D3,?,?,?,00ED9BA9,000000FF), ref: 00EA86C8
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,0000005C,00EA8B2F,?,00EBDED5,67A2E0D3,?,?,?,00ED9BA9,000000FF), ref: 00EA86E2
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,00000000,0000005C,00EA8B2F,?,00EBDED5,67A2E0D3,?,?,?,00ED9BA9,000000FF), ref: 00EA8704
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$H_prolog3
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3502553090-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 090840a67a176f72552600a92927a81c5239f70f8f6ee416e7a11700ac77018c
                                                                                                                                                                                                                                                                                    • Instruction ID: 7924c5a41cbde7bf32b764c1bf057210ef7ee339fdd32564f151616e5ef27d2e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 090840a67a176f72552600a92927a81c5239f70f8f6ee416e7a11700ac77018c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E414B319102189BDF04FBA0DE51AEDB7B4AF6F348F542069F4027F192EF243A0ACA51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EC1D1E
                                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00EC1D29
                                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00EC1D97
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC1E7A: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00EC1E92
                                                                                                                                                                                                                                                                                    • std::locale::_Setgloballocale.LIBCPMT ref: 00EC1D44
                                                                                                                                                                                                                                                                                    • _Yarn.LIBCPMT ref: 00EC1D5A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1088826258-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c366854d48acd515208c08f2c260bcc8171e5ea5c561c1040845a337d581c8f5
                                                                                                                                                                                                                                                                                    • Instruction ID: fa654f353afd66ded5547aca25f17b56cc5121ad547798e0d621e871bdc7d41c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c366854d48acd515208c08f2c260bcc8171e5ea5c561c1040845a337d581c8f5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8019A716016619FCB05EB20DD95A7C7BB2FB81380F18508EE8027B392CB35AA07CBC1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00EBE469
                                                                                                                                                                                                                                                                                    • ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 00EBE4B1
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC240F: MultiByteToWideChar.KERNEL32(?,00000008,00000000,?,00000001,?,?,?,00EBE4B6,?,00000000,?,00000000,00000000,00000014,00EC0867), ref: 00EC2424
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC240F: GetLastError.KERNEL32(?,?,00EBE4B6,?,00000000,?,00000000,00000000,00000014,00EC0867,00000000,?,?,?,?), ref: 00EC2430
                                                                                                                                                                                                                                                                                    • ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 00EBE4E8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___std_fs_convert_narrow_to_wide@20$ByteCharErrorH_prolog3_LastMultiWide
                                                                                                                                                                                                                                                                                    • String ID: /
                                                                                                                                                                                                                                                                                    • API String ID: 627721728-2043925204
                                                                                                                                                                                                                                                                                    • Opcode ID: 72244796beef77715259081ab6cda5bdb1f6a9c1cead30f17b09ecf2e30a9c97
                                                                                                                                                                                                                                                                                    • Instruction ID: 83970ebecf097327321837238c13aadfb915ef6b7f69ae41b409c9d049da2258
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72244796beef77715259081ab6cda5bdb1f6a9c1cead30f17b09ecf2e30a9c97
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD11C1709002046BCB14BBB04C86AFF75F99FD2748F10A02DB5147B252DE304D4282B1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00EC6134,00000000,?,00EED1B4,?,?,?,00EC62D7,00000004,InitializeCriticalSectionEx,00EDDD8C,InitializeCriticalSectionEx), ref: 00EC6190
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00EC6134,00000000,?,00EED1B4,?,?,?,00EC62D7,00000004,InitializeCriticalSectionEx,00EDDD8C,InitializeCriticalSectionEx,00000000,?,00EC6056), ref: 00EC619A
                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00EC61C2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                                    • Opcode ID: 9355dddaf98bf500332090ab18b8d061e26f10cdf8d38a4b5f5d03641d709cb9
                                                                                                                                                                                                                                                                                    • Instruction ID: 71e7216203b8a3ed17b65e3c95c265609ee89e5b99b4a376d0cdc340bfc96e1e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9355dddaf98bf500332090ab18b8d061e26f10cdf8d38a4b5f5d03641d709cb9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6EE01230281205FADF211B61ED06F1D7B55EB10BD5F245025F90DF41E1D762D8169554
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(67A2E0D3,00000000,00000000,0000000C), ref: 00ECDA2D
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ED0E07: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00ED4D1D,?,00000000,-00000008), ref: 00ED0E68
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00ECDC7F
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00ECDCC5
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00ECDD68
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ce64e4654961339a6755ad3264ec4f6b2744ff88d136ceb1b87f6a520a398e96
                                                                                                                                                                                                                                                                                    • Instruction ID: e54f7e31f51239b565dfb4ef0dc423c79701795379cd931238e44e1614c3fbc4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce64e4654961339a6755ad3264ec4f6b2744ff88d136ceb1b87f6a520a398e96
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77D179B5D082489FCB15CFA8D980AEDBBB4FF48314F24416EE816FB351D632A946CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e663ddb797606854074aee16e7653c0f5ffdca2f235688d52088ef72197c11d1
                                                                                                                                                                                                                                                                                    • Instruction ID: a8703aee7b1752a6b0e271fe575c7ab231316bab74090c740406788ad4b01f66
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e663ddb797606854074aee16e7653c0f5ffdca2f235688d52088ef72197c11d1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B251D373601A829FDB298F18DA41FAA73E4FF10744F24512DE902A7595E7B2BCC2CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC233D: QueryPerformanceFrequency.KERNEL32(?,?,?,?,00EBE0CB), ref: 00EC235B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC2326: QueryPerformanceCounter.KERNEL32(?,?,?,?,00EBE0D7), ref: 00EC232F
                                                                                                                                                                                                                                                                                    • __alldvrm.LIBCMT ref: 00EBE120
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EBE143
                                                                                                                                                                                                                                                                                    • __alldvrm.LIBCMT ref: 00EBE159
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EBE17B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PerformanceQueryUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@$CounterFrequency
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1598812886-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2849ccb78b75a35d90957aba88905b6d81808ec158a9820cda9bb51a1c5d1353
                                                                                                                                                                                                                                                                                    • Instruction ID: 274a36fc79be2f3b4e0e863c01af2463be8c09fad280efef59645a92d5038a37
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2849ccb78b75a35d90957aba88905b6d81808ec158a9820cda9bb51a1c5d1353
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58218FB5D022097EDB24EAA94C86EFF7AFDDAC4754F21606AB505B3302E9305D018AB0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ED0E07: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00ED4D1D,?,00000000,-00000008), ref: 00ED0E68
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00ECFD0C
                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00ECFD13
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 00ECFD4D
                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00ECFD54
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1913693674-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 91eb29ccfa9787ed484422d4c40b7b6c2ac6c425cec852a4d55ad00c8439311c
                                                                                                                                                                                                                                                                                    • Instruction ID: 8eac9ffa1edafc4914a84580e2fc71219f8ec797cd79591a64d16aebc0d66be5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91eb29ccfa9787ed484422d4c40b7b6c2ac6c425cec852a4d55ad00c8439311c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81219871600215AFDB20AF65CA81F6BBBAAFF00364B14992DF956B7251D732EC138790
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00ED0EB2
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ED0E07: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00ED4D1D,?,00000000,-00000008), ref: 00ED0E68
                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ED0EEA
                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ED0F0A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 158306478-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9250ff45ed567123a7b2e2e9680018425fc4e70b68a37fe39f964015d6af319e
                                                                                                                                                                                                                                                                                    • Instruction ID: c3ab8bfdec7f48ad8444f2595d8fefd63fb742c583b40f793766b6a0798d6c78
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9250ff45ed567123a7b2e2e9680018425fc4e70b68a37fe39f964015d6af319e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F11DFF1605516BE5B3127B66C89E7F6A9CDE493D4B341417F805F1201F931CD0391B1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA8D01: FindClose.KERNEL32(?,?,00EA8D4A,?,00000000,?), ref: 00EA8D0B
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,00000000,00000000), ref: 00EA8E57
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,00000000), ref: 00EA8E72
                                                                                                                                                                                                                                                                                    • FindFirstStreamW.KERNELBASE(00000001,00000000,?,00000000), ref: 00EA8E84
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000), ref: 00EA8E91
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$Find$CloseFirstStream
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4071060300-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f8263aea0c3e490a61297cc275bf9bb66a4381fc33bf43f2a3cb629819343b42
                                                                                                                                                                                                                                                                                    • Instruction ID: cc324ecaab2d407ea6b988224987483fe4e076f100fb7ca572d11fbdecebed01
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8263aea0c3e490a61297cc275bf9bb66a4381fc33bf43f2a3cb629819343b42
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5801D631604208DFCB20AF75AD4879977A4AF0A718F20996AF556FF1D0CF71AD49CB10
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00ED6209,00000000,00000001,?,0000000C,?,00ECDDBC,0000000C,00000000,00000000), ref: 00ED7BC1
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00ED6209,00000000,00000001,?,0000000C,?,00ECDDBC,0000000C,00000000,00000000,0000000C,0000000C,?,00ECE399,?), ref: 00ED7BCD
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ED7B93: CloseHandle.KERNEL32(FFFFFFFE,00ED7BDD,?,00ED6209,00000000,00000001,?,0000000C,?,00ECDDBC,0000000C,00000000,00000000,0000000C,0000000C), ref: 00ED7BA3
                                                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 00ED7BDD
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ED7B55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00ED7B84,00ED61F6,0000000C,?,00ECDDBC,0000000C,00000000,00000000,0000000C), ref: 00ED7B68
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00ED6209,00000000,00000001,?,0000000C,?,00ECDDBC,0000000C,00000000,00000000,0000000C), ref: 00ED7BF2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9980d17df3ae9a7079f26af3d54fe3e37cf1a70e93b1d579380bcc3ec980fcb2
                                                                                                                                                                                                                                                                                    • Instruction ID: 4de31a9e76ca0b797cc36b1d95fcefce62c3ec109a532d9af1bbd39abd4815d7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9980d17df3ae9a7079f26af3d54fe3e37cf1a70e93b1d579380bcc3ec980fcb2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1F01C3650116ABFCF221F92EC08D8A3F77EF497A1F504112FA19A6220E7328865DB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID: g$g
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-2456562930
                                                                                                                                                                                                                                                                                    • Opcode ID: c17d01a17c4d3c190f1f0ac264bdf32bbe9d64001a7a5094dfd4eee7cff5547a
                                                                                                                                                                                                                                                                                    • Instruction ID: 404beace1230d95c41f9a106c23801a0de428c2708a712e30ceac12956412f96
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c17d01a17c4d3c190f1f0ac264bdf32bbe9d64001a7a5094dfd4eee7cff5547a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81023C70A002169BCB18EF64C9915AEB7F6FF8E314B15A529E416BF351DB30BD01CBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00ECD9CA: GetConsoleOutputCP.KERNEL32(67A2E0D3,00000000,00000000,0000000C), ref: 00ECDA2D
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,00000000,?,?,00000000,?,?,?,00EC7203,00EE9468,0000000C), ref: 00ECE43C
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00EC7203,00EE9468,0000000C,00EC736B,?,?,?,?,00EC73C8), ref: 00ECE446
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                                                    • String ID: ks
                                                                                                                                                                                                                                                                                    • API String ID: 2915228174-628708584
                                                                                                                                                                                                                                                                                    • Opcode ID: 0f7636af84342deb33a99a7f0291599cb382bf321baa3dbd13a2aa5215e73599
                                                                                                                                                                                                                                                                                    • Instruction ID: c3ca127faecab83e1ab7027e1083289ab5283ffb6a78de0f04b7340fa372050f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f7636af84342deb33a99a7f0291599cb382bf321baa3dbd13a2aa5215e73599
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06619071904159AEDF159FA8CA85FEEBBB9BB49308F141149E814B7342D333D906CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID: Unknown error$Unknown warning
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-4291957651
                                                                                                                                                                                                                                                                                    • Opcode ID: f7978b20ee2631a5d49a3cafd1a5f56a5f4e00568f89a13dd4ef05effac1064f
                                                                                                                                                                                                                                                                                    • Instruction ID: 96c52e22d0b0ae306de05a72d092eb546d3068ed02f754db233fecf62699cc80
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7978b20ee2631a5d49a3cafd1a5f56a5f4e00568f89a13dd4ef05effac1064f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C516970A04B048BDB25DF78C884ADFB7F5BF98304F10582EE586A7A91EB74B904CB10
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?), ref: 00EC58C9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                                    • Opcode ID: a56ba1dbf51b56dbda4938d0edb3271432ee30453bedb2af150a01b6cf1e4470
                                                                                                                                                                                                                                                                                    • Instruction ID: e78f7e07c492df3d9d4eb1c7f814c3bbf58331828797c48e3a5b6c2878cd77bf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a56ba1dbf51b56dbda4938d0edb3271432ee30453bedb2af150a01b6cf1e4470
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E417A32900609EFDF15DF94CA81FAEBBB5FF88314F185099F91576211D332A992CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                                                    • String ID: %%C$%%S
                                                                                                                                                                                                                                                                                    • API String ID: 431132790-1134302098
                                                                                                                                                                                                                                                                                    • Opcode ID: 393d56a6e488f95ea05310a9e7a01401094a7c710e5fbe97be11fb882b846317
                                                                                                                                                                                                                                                                                    • Instruction ID: 4542df136e4619593cd3e2f7ff427075be8d283dd9a1d8c71c6aab765008661d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 393d56a6e488f95ea05310a9e7a01401094a7c710e5fbe97be11fb882b846317
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C215374D05248DACB05FBA0C9929EDBBF49F2B304F5460AAF15277282DF246F09CA61
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
• Associated: 00000001.00000002.4163172608.0000000000EA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163402578.0000000000EDC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163447422.0000000000EEB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.4163499096.0000000000EF0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: 3333
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-2924271548
                                                                                                                                                                                                                                                                                    • Opcode ID: c0575dcc85efdda72f897d78d55e77028e17041725bf866b8b6e5601d9d9548f
                                                                                                                                                                                                                                                                                    • Instruction ID: 102485f2823d1a2f18d3c9b1407ffcdc84fee5bb9c068316a2de28caf8cc4161
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0575dcc85efdda72f897d78d55e77028e17041725bf866b8b6e5601d9d9548f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FF09632340208BADF18595DDD06BAE7A99DB85775F08D026B708AE2E0C57069008BC5
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 00EBA271
                                                                                                                                                                                                                                                                                      • Part of subcall function 00EC1B04: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00EC1B10
                                                                                                                                                                                                                                                                                    • std::exception::exception.LIBCONCRT ref: 00EBA288
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.4163317332.0000000000EA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_ea0000_OperaGXSetup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Xinvalid_argumentstd::_std::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                                    • String ID: string too long
                                                                                                                                                                                                                                                                                    • API String ID: 1004629840-2556327735
                                                                                                                                                                                                                                                                                    • Opcode ID: 116ff24c1c6e86eec2eb06f1debf54aa82bb8142c5f67134a75c8a90672c259e
                                                                                                                                                                                                                                                                                    • Instruction ID: 57ece737e7c48c3924dc315d0b9a617d21f6ab34223a9ebd54fe723f620e3103
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 116ff24c1c6e86eec2eb06f1debf54aa82bb8142c5f67134a75c8a90672c259e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1ED0A9723002292742087A99A802CCEB6CC8B447A1700202AFA08E7342DBA22D0187E8

                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                    Execution Coverage:2.8%
                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                                                    Total number of Nodes:331
                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:11

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,6925FF47,?,00000008), ref: 69264DA4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng,?,?,6925FF47,?,00000008), ref: 69264DB4
                                                                                                                                                                                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,?,7FFFFFFF,00000000), ref: 69264E13
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressCreateLibraryLoadProcSemaphore
                                                                                                                                                                                                                                                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\synchronization\semaphore_win.cc$CreateSemaphore$ProcessPrng$Semaphore$`%/i$bcryptprimitives.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4071630139-86758303
                                                                                                                                                                                                                                                                                    • Opcode ID: 4c1f01666c549d6d706e1c2580b81453ccee786f1cc7fbb78d7ae94ffaa4e5ec
                                                                                                                                                                                                                                                                                    • Instruction ID: 4d00e84d3e36aaa1d0f019dc0482b5ddc243d1d90aa6ede7be2be6936d665a3e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c1f01666c549d6d706e1c2580b81453ccee786f1cc7fbb78d7ae94ffaa4e5ec
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC210575B0024DABDB08BFA59C28D7F376DEB8A2557800429F9469B640EF30E801C7E0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 692160AA
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 6921615F
                                                                                                                                                                                                                                                                                      • Part of subcall function 69223F90: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 69223FD7
                                                                                                                                                                                                                                                                                      • Part of subcall function 69223F90: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 6922410B
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 692161B3
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,?,00000000), ref: 69216288
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 69216444
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID: 0TDi$first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-1055877122
                                                                                                                                                                                                                                                                                    • Opcode ID: 9e559e265dc731d042f5a5f3db61d3ee9b0d20041f4cbfd44b435926ad08944f
                                                                                                                                                                                                                                                                                    • Instruction ID: 287845a47ed240824e37832f754e15e35db32c40e4874dfeeda7c9685a5057ec
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e559e265dc731d042f5a5f3db61d3ee9b0d20041f4cbfd44b435926ad08944f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93F1FF75A083559FDB08CF28C880B6AB7E2FFC8718F14C66CEA595B291D731E855CB81

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: F0"i$first$second$slotsize$spansize
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-613823819
                                                                                                                                                                                                                                                                                    • Opcode ID: d89384a7464b58038fc4d68ba07be9257f298db085332084e2eeb575b198ae08
                                                                                                                                                                                                                                                                                    • Instruction ID: f87600679d5f2163a588b71ec7cbdf257f6999266be458907afd320f234cd9a2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d89384a7464b58038fc4d68ba07be9257f298db085332084e2eeb575b198ae08
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08C107B1B00A144FEB0BDA3E890535AB3E7AFE9780F14C737E81AE3245DB349C554A45

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 69222E2F
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32 ref: 69222E48
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?), ref: 692230C5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6cc30e37aa55e87db1de0fc5aa6359408b901dd3b7d7e6c77072811773a2a2c3
                                                                                                                                                                                                                                                                                    • Instruction ID: 281d65c345ebfd5a934484ff88fee9aefff61a492093d0e8de700585b6410a14
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cc30e37aa55e87db1de0fc5aa6359408b901dd3b7d7e6c77072811773a2a2c3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4EB104B1818BC99AD701DF34C5453DAFBE0BF96308F14871DE8994A282EB75A2D9C7C1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4168288129-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1ecba2babf1a2c2d4726cf3cbeeda6183df35b8270fe935fb711714bd2e84678
                                                                                                                                                                                                                                                                                    • Instruction ID: 2e888590e12de0b737456bc9ed11a22b9ce33608097dc6244336c35d63a019fe
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ecba2babf1a2c2d4726cf3cbeeda6183df35b8270fe935fb711714bd2e84678
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65A1FA31B2861E8FC715CE69C980A5EF3F2BF95350728C7A9D516EB244D731E8A1CB81

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,00002000,00000000,00000000,00000000,?,6923CECE,00000000,00000000,00002000,00000001,?), ref: 6923C977
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923C991
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923C9AF
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923C9BB
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923C9CD
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923C9E7
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923C9F3
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923C9FD
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CA17
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CA23
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CA2D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CA4B
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CA57
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CA65
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CA83
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CA8F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CA9D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CABB
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CAC7
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CAD5
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CAF3
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CAFF
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CB0D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CB2B
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CB37
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CB45
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CB63
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69), ref: 6923CB6F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000,?,?,?), ref: 6923CB7D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6923CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6923CCA8,6923CE69,00000000), ref: 6923CB9B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocErrorLastSleepVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2288223010-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 44da4029b5592b044c837b2a237c0fd2acdba5c45eedaf260bc0c4cd1e6e57d9
                                                                                                                                                                                                                                                                                    • Instruction ID: 7cff880edd300343b28a522442a0265c52ee0b120294b1acb0cb130719cd2cb9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44da4029b5592b044c837b2a237c0fd2acdba5c45eedaf260bc0c4cd1e6e57d9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76516F766045AEEFDF02AAA0C95EB7F3B2EFB47B56F558018FA0585050CB70C541CB62

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 691DC4F6
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 691DC4FA
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 691DC502
                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000002), ref: 691DC511
                                                                                                                                                                                                                                                                                      • Part of subcall function 692156D0: TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,?,691DC52D,00000000), ref: 692156F0
                                                                                                                                                                                                                                                                                      • Part of subcall function 692156D0: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,691DC52D,00000000), ref: 69215719
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 691DC53F
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 691DC556
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32(00000000), ref: 691DC563
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32(00000000,00000000), ref: 691DC5C8
                                                                                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 691DC5CF
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 691DC61F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Current$Thread$ErrorExclusiveLastLockProcess$AcquireDuplicateHandlePriorityRelease
                                                                                                                                                                                                                                                                                    • String ID: `%/i
                                                                                                                                                                                                                                                                                    • API String ID: 25613288-43404677
                                                                                                                                                                                                                                                                                    • Opcode ID: 9e4b6ec0a221e703b50c29fd63222fc2dc20c54930f322539877dcf480669fbe
                                                                                                                                                                                                                                                                                    • Instruction ID: 329495ff044e2583c39216c382da367d46a0c7d790d04627630f5cee8f8b1d96
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e4b6ec0a221e703b50c29fd63222fc2dc20c54930f322539877dcf480669fbe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7441D879F042099BCF01EBB4C84896F77A9AF46368B615928E516D7340EF30DD168BE1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 247 69353540-6935355f 248 69353561-69353577 call 692f1fe3 247->248 249 69353578-69353580 247->249 251 69353586-693535d4 call 692f1939 call 692f5a20 GetModuleFileNameW call 69277e10 249->251 252 69353618-6935361f 249->252 268 693535d6-693535d9 251->268 269 693535db-693535dd 251->269 252->248 255 69353625-69353629 252->255 257 6935362d-6935365e CreateFileW 255->257 258 6935362b 255->258 257->248 260 69353664-6935369f call 692f5a20 GetCurrentDirectoryW 257->260 258->257 266 693536a5-693536bd call 691d5040 260->266 267 69353741-69353743 260->267 274 693536c3-693536c5 266->274 275 69353748-6935374d 266->275 267->248 268->269 271 69353604-69353612 call 6927eb90 269->271 272 693535df 269->272 271->252 277 693535e1-693535e3 272->277 278 69353756-693537a9 call 69353dd0 call 69325100 * 2 call 69353a60 274->278 279 693536cb 274->279 275->278 281 6935374f-69353751 275->281 277->271 282 693535e5-693535f0 277->282 285 693536cd-693536d3 279->285 281->285 282->277 284 693535f2-693535f5 282->284 284->271 287 693535f7-693535ff call 69278fe0 284->287 288 693536d5-693536e1 call 6927eb90 285->288 289 693536e7-693536fc call 6927eb90 285->289 287->271 288->289 298 69353700-69353731 CreateFileW 289->298 299 693536fe 289->299 298->248 301 69353737 298->301 299->298 301->267
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 693535B3
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6935364F
                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 6935368F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$CreateCurrentDirectoryModuleName
                                                                                                                                                                                                                                                                                    • String ID: Check failed: false. $debug.log
                                                                                                                                                                                                                                                                                    • API String ID: 3818821825-883309970
                                                                                                                                                                                                                                                                                    • Opcode ID: c1b430294eea6fee94dd8122beff1f51a95afa929606cb7d03ab90138c2bd242
                                                                                                                                                                                                                                                                                    • Instruction ID: 1b4c8e47a013fe3d40777c811cbe9f959d6014431d20fc8d93ef1c4992cfc4af
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1b430294eea6fee94dd8122beff1f51a95afa929606cb7d03ab90138c2bd242
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67513BB0A44344DBDB20EF24C845F7ABBF8BF86708F00891CE5969B291EB719559CBD1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 304 691dc370-691dc394 305 691dc45e-691dc465 304->305 306 691dc39a-691dc3a9 GetCurrentThread 304->306 305->306 307 691dc46b 305->307 308 691dc3bb-691dc3be 306->308 309 691dc3ab-691dc3ad 306->309 310 691dc3fc-691dc42a GetCurrentThread SetThreadInformation call 692f1fe3 307->310 312 691dc46d-691dc472 308->312 313 691dc3c4 308->313 309->308 311 691dc3af-691dc3b5 SetThreadPriority 309->311 323 691dc42f-691dc436 310->323 311->308 315 691dc3ce-691dc3e1 SetThreadPriority 312->315 316 691dc43b-691dc44f 313->316 317 691dc3cb-691dc3cd 313->317 318 691dc454-691dc459 313->318 319 691dc477-691dc47a 313->319 320 691dc437-691dc439 313->320 321 691dc3eb-691dc3f2 315->321 322 691dc3e3-691dc3e5 315->322 316->315 317->315 318->315 319->315 320->315 321->310 325 691dc3f4-691dc3f6 321->325 322->321 324 691dc49a-691dc4af SetThreadInformation 322->324 324->321 325->310 326 691dc47f-691dc486 call 6934a100 325->326 326->310 329 691dc48c-691dc495 SetThreadPriority 326->329 329->310
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32(?,691DC600,?,?), ref: 691DC39A
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00020000,?,691DC600,?,?), ref: 691DC3B5
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,7FFFFFFF,?,691DC600,?,?), ref: 691DC3D0
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32(?,691DC600,?,?), ref: 691DC413
                                                                                                                                                                                                                                                                                    • SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C,?,691DC600,?,?), ref: 691DC41F
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,000000FE,?,691DC600,?,?), ref: 691DC48F
                                                                                                                                                                                                                                                                                    • SetThreadInformation.KERNEL32(00000000,00000000,?,00000004,?,691DC600,?,?), ref: 691DC4A9
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$Priority$CurrentInformation
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3180331770-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 87d947f2617dcc1d4785962f0be0af25ae889bc44dfc35b033cc710bb74f0fbd
                                                                                                                                                                                                                                                                                    • Instruction ID: ef815046d988060e923633e72505105ff37f5af904816f51c1721ea75d267e2c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87d947f2617dcc1d4785962f0be0af25ae889bc44dfc35b033cc710bb74f0fbd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F313871B48244ABDF116FA48945BBA37B8EF0B35CF204919FAA197280CB7094058790

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,6923AA7E,00000000,?,?,6923C16E,00000002,00000000,?,?,?,?,00000000), ref: 6923CBBD
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3ebb0d53ccb8623d386a10e8c7f6109eb19721b7c23c9ccb229c180aabc303b2
                                                                                                                                                                                                                                                                                    • Instruction ID: e8486bc21fefb9cdb0abb0a3aa2b7908bfc8e713b9a31bf32d6ea16324af9a69
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ebb0d53ccb8623d386a10e8c7f6109eb19721b7c23c9ccb229c180aabc303b2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED51B6B074513D9BFF09A978DD25B2B375AEB42B42F808425FF09DB2C0EA39DD014695

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 692B0890: GetLastError.KERNEL32(00000000,?,691F08F8,?,?,?,0000000C,?,00000000,?,?,693566B5,?,?,?,?), ref: 692B08AA
                                                                                                                                                                                                                                                                                      • Part of subcall function 692B0890: SetLastError.KERNEL32(00000000,?,691F08F8,?,?,?,0000000C,?,00000000,?,?,693566B5,?,?,?,?), ref: 692B08B5
                                                                                                                                                                                                                                                                                    • OutputDebugStringA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,692B2A93), ref: 691F10D1
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,FFFFFFFF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 691F11F6
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F19A1: AcquireSRWLockExclusive.KERNEL32(69465FE4,?,?,?,6927D29B,6946ACA4), ref: 692F19AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F19A1: ReleaseSRWLockExclusive.KERNEL32(69465FE4,?,6927D29B,6946ACA4), ref: 692F19E6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExclusiveLastLock$AcquireDebugFileOutputReleaseStringWrite
                                                                                                                                                                                                                                                                                    • String ID: LOG_FATAL$W$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 11340718-55338372

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923CEE5
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6947C2D8,?,?,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923CEFC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923CF27
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6947C2D8,?,?,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923CF55
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6923CFAC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00003000,00000040,00004000), ref: 6923D046
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExclusiveFreeLastLockVirtual$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1130761037-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923CCCC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923CD14
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6923B834), ref: 6923CD9C
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,00000000,?,6923B834,?), ref: 6923CDEC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4230811426-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,692801AE,?,00000000,693535CC,?,69277EF8,?,?,00000000,?,00000001,?,693535CC,?), ref: 692A69B4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier,?,692801AE,?,00000000,693535CC,?,69277EF8,?,?,00000000,?,00000001,?,693535CC), ref: 692A69C0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                    • String ID: GetHandleVerifier$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 1646373207-245874586

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00003000,00000040,00004000), ref: 6923D046
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6947C2D8,-00000100,?,00000000,?,?,6923BDF4,?,00000000,00000003,00000000,?,00000000), ref: 6923D08B
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,6923BDF4,?,00000000,00000003,00000000,?,00000000,?,?,?,?), ref: 6923D0B7
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6947C2D8,?,?,6923BDF4,?,00000000,00000003,00000000,?,00000000,?,?,?,?,?), ref: 6923D0E6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveFreeLockVirtual$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 448536242-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: slotsize$spansize
                                                                                                                                                                                                                                                                                    • API String ID: 0-1054177511
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,?,69223B4D,69223B4D,?,6924FFF4,?,?,?,?,?,?,00000000), ref: 69215967
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000001,00000001,?,6924FFF4,?,?,?,?,?,?,00000000), ref: 692159D8
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-0
                                                                                                                                                                                                                                                                                    • Opcode ID: de7abfe635b41f3546e0937054a3f001737ff45ed0bcb605ebd4f8d9be728474
                                                                                                                                                                                                                                                                                    • Instruction ID: d341a224f924be5283fb33938931073a2c2ecbc8627b265cebfdf6d088785cd4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de7abfe635b41f3546e0937054a3f001737ff45ed0bcb605ebd4f8d9be728474
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B581E070A0464A8FDB18CF68C9C4F65B7F5FF41325F0486A9D96ACB286D734E991CB80
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 6930A6B2: GetConsoleOutputCP.KERNEL32(29996D9D,00000000,00000000,?), ref: 6930A715
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6930A48D
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?), ref: 6930A497
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2915228174-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 36eeeb777cdd2bd2c43b0fa733347ea5c0601aee4a05fbbf7740556421d4376b
                                                                                                                                                                                                                                                                                    • Instruction ID: c1ff1fdac613d4e79aa8c96538b750f3e03dd6c14bd4e5440d6bd96feef7f7b6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36eeeb777cdd2bd2c43b0fa733347ea5c0601aee4a05fbbf7740556421d4376b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B61B476D04119AFDF01CFA8D998AEFBBB9BF0A324F144189E954E7241D332D905CB61
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,6930A473,?,?,?,?), ref: 6930AB7D
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6930A473,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6930ABA3
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b932fd0971c02bdd5a0aa60267f0367582c9fbf9962f0ec9ad703b97b2baf22f
                                                                                                                                                                                                                                                                                    • Instruction ID: b1e5c370876f0b0bd6d94e3ccb57d323af6631d843f9b9a7910daca6dbbecc23
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b932fd0971c02bdd5a0aa60267f0367582c9fbf9962f0ec9ad703b97b2baf22f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4721D175A002189FCB19CF29D994AE9B7FAFF89315F1481A9E906D7211D730EE42CF60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,?,691DC52D,00000000), ref: 692156F0
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,691DC52D,00000000), ref: 69215719
                                                                                                                                                                                                                                                                                      • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 69264690: TryAcquireSRWLockExclusive.KERNEL32(6947DE18,?,?,692593A9,?,?,6923CC8F,00000000,?,?,?,?,6923CE69,?,?,00000000), ref: 69264699
                                                                                                                                                                                                                                                                                      • Part of subcall function 69264690: ReleaseSRWLockExclusive.KERNEL32(6947DE18,?,692593A9,?,?,6923CC8F,00000000,?,?,?,?,6923CE69,?,?,00000000,00000000), ref: 692646CE
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,6923CC8F,00000000,?,?,?,?,6923CE69,?,?,00000000,00000000,?,?,?), ref: 692593D8
                                                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,69465E04,?,6923CC8F,00000000,?,?,?,?,6923CE69,?,?,00000000,00000000,?), ref: 692593E4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6947DE18,?,?,692593A9,?,?,6923CC8F,00000000,?,?,?,?,6923CE69,?,?,00000000), ref: 69264699
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6947DE18,?,692593A9,?,?,6923CC8F,00000000,?,?,?,?,6923CE69,?,?,00000000,00000000), ref: 692646CE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,69345CA1,693039EA,69306763,?,00000003,692F6F9B), ref: 69311CAF
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 69311D51
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000001,00004000,?,69224B92,00000001,?,00000001,?,691DC52D,?,6923C1C5), ref: 6923CFEE
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,69224B92,00000001,?,00000001,?,691DC52D,?,6923C1C5), ref: 6923CFF8
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFreeLastVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 499627090-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,00000000,?,00000000,?,692245A9,00000001,?,?,00000000,0000007E,?,?,69223F38,?,00000000), ref: 69224A4E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1766480654-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6926B0F7
                                                                                                                                                                                                                                                                                    • QueryThreadCycleTime.KERNEL32(00000000,00000000), ref: 6926B103
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6926B191
                                                                                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 6926B194
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6926B19E
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000002), ref: 6926B1A3
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6926B200
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6926B20B
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?), ref: 6926B216
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6926B224
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6926B2F1
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ..\..\third_party\perfetto\src\base\time.cc, xrefs: 6926B39A, 6926B3D9
                                                                                                                                                                                                                                                                                    • %s (errno: %d, %s), xrefs: 6926B3AE, 6926B3ED
                                                                                                                                                                                                                                                                                    • PERFETTO_CHECK(tsc_now >= tsc_initial), xrefs: 6926B3E8
                                                                                                                                                                                                                                                                                    • PERFETTO_CHECK(perf_counter_now >= perf_counter_initial), xrefs: 6926B3A9
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$CurrentQuery$PerformancePriority$Counter$CycleFrequencyTime
                                                                                                                                                                                                                                                                                    • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\base\time.cc$PERFETTO_CHECK(perf_counter_now >= perf_counter_initial)$PERFETTO_CHECK(tsc_now >= tsc_initial)
                                                                                                                                                                                                                                                                                    • API String ID: 649842374-3408761757
                                                                                                                                                                                                                                                                                    • Opcode ID: a5d800e22f192dad5c9a958c500a15e50641db2eb2d2635d0c6234492a5d8987
                                                                                                                                                                                                                                                                                    • Instruction ID: 4a45ad3d75d35c55a0b4559074c06652809ed60b6c00cb0ec75462279c784017
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5d800e22f192dad5c9a958c500a15e50641db2eb2d2635d0c6234492a5d8987
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C81B2B5908744DFCB01EF78D45592BBBE5FF86394F508619F886A3251EB31A881CB42
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6946B90C,?,692B1F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 6928F2EB
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,692B1F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 6928F4F6
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,692B1F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 6928F50E
                                                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 6928F5F5
                                                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 6928F809
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release__floor_pentium4$Acquire
                                                                                                                                                                                                                                                                                    • String ID: @Bj+$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 2821508176-102575930
                                                                                                                                                                                                                                                                                    • Opcode ID: f6972a0d1171af964664693fb84bdd0c9fac76c78e177183dc4a82ae4ffe12ad
                                                                                                                                                                                                                                                                                    • Instruction ID: 1964079d2996cb184b784368ce7ac2f3baccd73edbfa15e4119a01054e0c9e1c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6972a0d1171af964664693fb84bdd0c9fac76c78e177183dc4a82ae4ffe12ad
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FF13C71B1060E8BC704CE69CA909AFB3B6FF8A350714862ED516E7391E731E849DBD1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-4192499404
                                                                                                                                                                                                                                                                                    • Opcode ID: f3b75aee9d8e5628842b9cce3349ec35b41f5438b00970a80186717cf723d479
                                                                                                                                                                                                                                                                                    • Instruction ID: 1566999f669bcf372802ae60a054bafdf67299b93a9943bac237f1b2a34ad315
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3b75aee9d8e5628842b9cce3349ec35b41f5438b00970a80186717cf723d479
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2C1B475E1020D9FDB14DFAAD980AAEF7B6FF89354F158129E819A7341D731A802CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,6931636D,?,?), ref: 69316A50
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,6931636D,?,?), ref: 69316A79
                                                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,6931636D,?,?), ref: 69316A8E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                    • Opcode ID: fee0d67d026e65bf29581243c78bf8aeb35a45cd7e9676aa5b1a6eddd28185f5
                                                                                                                                                                                                                                                                                    • Instruction ID: 8b3a046d87b27640a75ad8456db19db484eb042cf64eea8469f3c7aae163939b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fee0d67d026e65bf29581243c78bf8aeb35a45cd7e9676aa5b1a6eddd28185f5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B2183F260C105AAE728CFD4CA01A8777BBFB45B58B97C464E909D7124E733DA41C361
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 69311B5A: GetLastError.KERNEL32(00000000,?,6930E24D), ref: 69311B5E
                                                                                                                                                                                                                                                                                      • Part of subcall function 69311B5A: SetLastError.KERNEL32(00000000), ref: 69311C00
                                                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6931633F
                                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(?), ref: 6931637D
                                                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 69316390
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 693163D8
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 693163F3
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 415426439-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 79add4f1bcfa6b4d52afd860ed10f3882d81913f5df75ad3f7baa5d67fbeb621
                                                                                                                                                                                                                                                                                    • Instruction ID: 18cbc7045b4aa4fa81fe1d3e7f70d33c6ad25ba3906d1f2f4b3d531ac766570d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79add4f1bcfa6b4d52afd860ed10f3882d81913f5df75ad3f7baa5d67fbeb621
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58516071908219AFEF18DFE5CC40AAF77B8FF49308F018469E951E71A0EB71D9418B60
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `%/i
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-43404677
                                                                                                                                                                                                                                                                                    • Opcode ID: 010a6ddd16381969937e23bc8c6f97ca415e18c29077cf8de574973d5520c2e6
                                                                                                                                                                                                                                                                                    • Instruction ID: 3a7407506180067d20f2aa074a00a98e7f93a14817c9a4d2f62ec52289b558cf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 010a6ddd16381969937e23bc8c6f97ca415e18c29077cf8de574973d5520c2e6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66E1A371E042199FDB04CF58C484AAEB7F6FF89318F65C569E449AB361C731AC45CBA0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 4f2f6360593e6b1832d91633cd36a6a5969e67cb0d4f23d873bdedb96b29a990
                                                                                                                                                                                                                                                                                    • Instruction ID: c642e82b598eda85f0a926ba5f87c207bb3187d7ca031363634441678ee82fe0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f2f6360593e6b1832d91633cd36a6a5969e67cb0d4f23d873bdedb96b29a990
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28025B71E4121A9BDF14CFA8C980A9EFBF1FF48714F248269D519E7380D731AA46CB90
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                    • String ID: -
                                                                                                                                                                                                                                                                                    • API String ID: 3839614884-2547889144
                                                                                                                                                                                                                                                                                    • Opcode ID: 134d6871b41ce1cdfc54a2f1394fd5259b1524a0ed9b7cf9c094b525ab46441f
                                                                                                                                                                                                                                                                                    • Instruction ID: 329f654a73079eb0b0aa695f4694372bf803048f50a16762c24f3d3e1c97ac02
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 134d6871b41ce1cdfc54a2f1394fd5259b1524a0ed9b7cf9c094b525ab46441f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08C1F771E102199FDB04CF68D894AAEFBA9FF89314F15822BE819DB340D730A945CBD0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6946B90C,?,?,?,6928FF16,00000000,?,?,69291872,?,00000000,00000001,00000000), ref: 6928FA3D
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6946B90C,?,?,?,6928FF16,00000000,?,?,69291872,?,00000000,00000001,00000000), ref: 6928FB40
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: @Bj+
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-4209026274
                                                                                                                                                                                                                                                                                    • Opcode ID: ac03410e4a0b9d815ff474cbd5d8103b39cf23269828e8adde85c5e990866db9
                                                                                                                                                                                                                                                                                    • Instruction ID: b38c034cbea4a28f2fee6f4730177bba1c5db08c96934bdfd986e050f2bcffc9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac03410e4a0b9d815ff474cbd5d8103b39cf23269828e8adde85c5e990866db9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7514AB1B1450E478B08DB248EA19BFBBBFBF8A754754C129E411DB382E731E84997D0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000), ref: 6930936E
                                                                                                                                                                                                                                                                                      • Part of subcall function 69317F9A: WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,?,?,-00000008,-00000008,00000000,?,69311AC4,?,00000000,-00000008), ref: 69317FFB
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ByteCharInformationMultiTimeWideZone
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1123094072-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 619fe432095b6e717a1f6911b423cede7f03c7f8bdcd69d004f43f68fd75324a
                                                                                                                                                                                                                                                                                    • Instruction ID: d42f9aacb77af508d8abc9092b0b9dbef3fe636161467e3f104d89693adcfd4f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 619fe432095b6e717a1f6911b423cede7f03c7f8bdcd69d004f43f68fd75324a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E41B0B5900218BBDB04EFA5DC46AAEBFBDEF05714F10D065F918E72A4E73199108B94
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 6929A350: _strlen.LIBCMT ref: 6929A38A
                                                                                                                                                                                                                                                                                      • Part of subcall function 69291850: _strlen.LIBCMT ref: 69291861
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 69352F3B
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F19A1: AcquireSRWLockExclusive.KERNEL32(69465FE4,?,?,?,6927D29B,6946ACA4), ref: 692F19AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F19A1: ReleaseSRWLockExclusive.KERNEL32(69465FE4,?,6927D29B,6946ACA4), ref: 692F19E6
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 6935314B
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 69353174
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen$ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: into $ under feature $ with string value $. Falling back to default value of $..\..\base\metrics\field_trial_params.cc$9F)i$Failed to parse field trial param $FieldTrialParams-default$FieldTrialParams-feature_name$FieldTrialParams-param_name$FieldTrialParams-value$LogInvalidValue$Variations.FieldTriamParamsLogInvalidValue
                                                                                                                                                                                                                                                                                    • API String ID: 3829107669-268019153
                                                                                                                                                                                                                                                                                    • Opcode ID: 237335c524c1a7d4520a742adf6e8d67cb9cf1ea0aeac58bc6005589efb92e0e
                                                                                                                                                                                                                                                                                    • Instruction ID: 3823585054f10a5d8c09c2491ed41329474443f921c7d90056e9340cdd20b035
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 237335c524c1a7d4520a742adf6e8d67cb9cf1ea0aeac58bc6005589efb92e0e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00B12BB9904384ABD710DF14DC91F7F77A9EF86728F048128EC5A5B281FB32A915C792
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 69222C1E
                                                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,00000000), ref: 69222C2A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentWow64
                                                                                                                                                                                                                                                                                    • String ID: `%/i$allo$c$comm$iswo$it$ize$size$va_s$w64
                                                                                                                                                                                                                                                                                    • API String ID: 1905925150-2451896485
                                                                                                                                                                                                                                                                                    • Opcode ID: af96d3566d24ae12f377911e417b46b1a17758e03e2756fc6685e51e3f7799f1
                                                                                                                                                                                                                                                                                    • Instruction ID: 952aafd8d931699e4f9d447909b4c8cfe80da248c66b08667dfc1d70dc463a7a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af96d3566d24ae12f377911e417b46b1a17758e03e2756fc6685e51e3f7799f1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC3150B58083449FDB04DFA4D89875BBBE8BF84708F14592DF4958B300D776D5048B83
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 692B0890: GetLastError.KERNEL32(00000000,?,691F08F8,?,?,?,0000000C,?,00000000,?,?,693566B5,?,?,?,?), ref: 692B08AA
                                                                                                                                                                                                                                                                                      • Part of subcall function 692B0890: SetLastError.KERNEL32(00000000,?,691F08F8,?,?,?,0000000C,?,00000000,?,?,693566B5,?,?,?,?), ref: 692B08B5
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 691F0903
                                                                                                                                                                                                                                                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,0000000C,?,00000000,?,?,693566B5,?,?), ref: 691F09DD
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 691F0AEF
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32(?,?,?,?,?,?,?,0000000C,?,00000000,?,?,693566B5,?,?,?), ref: 691F0C58
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast_strlen$CountLocalTickTime
                                                                                                                                                                                                                                                                                    • String ID: )] $:$:$UNKNOWN$VERBOSE$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 4112389128-1463405344
                                                                                                                                                                                                                                                                                    • Opcode ID: 4d1a5c3ae9eda9e0548355c880c4bd7b6b57b2c859e64ffa9bb8139355a23866
                                                                                                                                                                                                                                                                                    • Instruction ID: 3ef5101fa2ed991103761f0e0987155a5d6e2568b31b2416dcf7514ac577e84f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d1a5c3ae9eda9e0548355c880c4bd7b6b57b2c859e64ffa9bb8139355a23866
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BC118B8E002586FDB04DB64D894EBE7BF8EF5630CF14805DE815A7341EB369946CBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6946B9F0,?,?,?,?,?,?,?,?,?,ABA17E2D,?,?,692B2C9F), ref: 6935586D
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6946B9F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,ABA17E2D), ref: 693558F5
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6946B9F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,ABA17E2D), ref: 6935591A
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 69355934
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F19A1: AcquireSRWLockExclusive.KERNEL32(69465FE4,?,?,?,6927D29B,6946ACA4), ref: 692F19AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F19A1: ReleaseSRWLockExclusive.KERNEL32(69465FE4,?,6927D29B,6946ACA4), ref: 692F19E6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire$_strlen
                                                                                                                                                                                                                                                                                    • String ID: DumpWithoutCrashing-file$DumpWithoutCrashing-line$Stability.DumpWithoutCrashingStatus$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 576647242-2563701904
                                                                                                                                                                                                                                                                                    • Opcode ID: c0405ea1c3c29f452ad2381ce42e722c2e9dc48e282f6ad531851dfcf0ec7820
                                                                                                                                                                                                                                                                                    • Instruction ID: 8b9ad578fa617c448fd776a4eeb050db9aea81b6ba8814111b99821eb72dd8ab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0405ea1c3c29f452ad2381ce42e722c2e9dc48e282f6ad531851dfcf0ec7820
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4191F6F55083859FD700DF14C885E6A77B9FF8A328F40862CF85697281E731B859CBA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 693106AD
                                                                                                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 6931080C
                                                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 6931090D
                                                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 69310928
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 2332921423-393685449
                                                                                                                                                                                                                                                                                    • Opcode ID: 64836d8d3a99a105fbac240e48d0adc8c0eaa5e9ce3b3528fbb57034d8e91ec0
                                                                                                                                                                                                                                                                                    • Instruction ID: 650aff3ea2be2dc77121ed10209a38be1359ae7546dbe7f12af98f66750bb72b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64836d8d3a99a105fbac240e48d0adc8c0eaa5e9ce3b3528fbb57034d8e91ec0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60B18075C09209EFCF09DFA4C98199EBBB5FF48318F10815AE8546B221D772DA61CFA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 6916143F
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69161494
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                                                                                                                                                                                                                                                                    • String ID: %*s:%s$%s%s %s$[%03u.%03u] $[printf format error]$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 2172594012-2908539562
                                                                                                                                                                                                                                                                                    • Opcode ID: 33caf922bcf968f25d35e73bb398d1e27dd0a1fdc8f293053e372ec6e8e26afd
                                                                                                                                                                                                                                                                                    • Instruction ID: 5ce56169f997bc69ce446f7c917db7815ee3a9756dd824bb09de7fa524db566e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33caf922bcf968f25d35e73bb398d1e27dd0a1fdc8f293053e372ec6e8e26afd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 185158B6E043456BEB04CF24CC81E6BBB69EFC5318F50C62CF94586192EB31D5658792
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32(?,?,8B04C483,?,69162774,?,?,?,6932AA01), ref: 691615FB
                                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,8B04C483,?,69162774,?,?,?,6932AA01), ref: 691616C0
                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(Kernel32.dll,?,?,8B04C483,?,69162774,?,?,?,6932AA01), ref: 691616FE
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThreadDescription,?,?,8B04C483,?,69162774,?,?,?,6932AA01), ref: 6916170A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressCurrentFreeHandleLocalModuleProcThread
                                                                                                                                                                                                                                                                                    • String ID: GetThreadDescription$Kernel32.dll$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 4205643583-67288524
APIs
• _ValidateLocalCookies.LIBCMT ref: 692F3BE7
• ___except_validate_context_record.LIBVCRUNTIME ref: 692F3BEF
• _ValidateLocalCookies.LIBCMT ref: 692F3C78
• __IsNonwritableInCurrentImage.LIBCMT ref: 692F3CA3
• _ValidateLocalCookies.LIBCMT ref: 692F3CF8
Strings
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_69070000_setup.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: `%/i$csm
• API String ID: 1170836740-3058968259
APIs
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_69070000_setup.jbxd
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
APIs
• TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 69212DD6
• ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69212ED0
Strings
• ..\..\base\threading\thread_id_name_manager.cc, xrefs: 69212F19, 69212F59
• handle_to_name_iter != thread_handle_to_interned_name_.end(), xrefs: 69212F35
• RemoveName, xrefs: 69212F1E, 69212F5E
• id_to_handle_iter != thread_id_to_handle_.end(), xrefs: 69212F75
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_69070000_setup.jbxd
Similarity
• API ID: ExclusiveLock$AcquireRelease
• String ID: ..\..\base\threading\thread_id_name_manager.cc$RemoveName$handle_to_name_iter != thread_handle_to_interned_name_.end()$id_to_handle_iter != thread_id_to_handle_.end()
• API String ID: 17069307-1713423127
APIs
• FreeLibrary.KERNEL32(00000000,?,6931284D,?,?,00000000,?,69345CA1,?,6931242F,00000022,FlsSetValue,693DFDEC,FlsSetValue,?), ref: 693127FF
Strings
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
• Associated: 00000002.00000002.4171607522.0000000069070000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172689020.0000000069462000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172727289.0000000069463000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172748066.0000000069464000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172843320.0000000069476000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172864479.0000000069478000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172864479.000000006947D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173095974.000000006947E000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173171167.0000000069481000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173295168.0000000069482000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                    • Opcode ID: 133c4ce09389f229f151a4bbd82b1d948917e2c9234e1297a67ecc86c421772c
                                                                                                                                                                                                                                                                                    • Instruction ID: ad70a350e2924b5b8adc4ec533460142648fc63aa22ef0593cf0e19179b8ad35
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 133c4ce09389f229f151a4bbd82b1d948917e2c9234e1297a67ecc86c421772c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1213636A08215EBEB15AF74CE84A5B77BCEB037A1F100121EC15A72A1D730ED02CAF0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,29996D9D,?,?,00000000,693DB440,000000FF,?,69300D1F,?,?,69300DBB,?,?), ref: 69300C93
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CorExitProcess,?,?,00000000,693DB440,000000FF,?,69300D1F,?,?,69300DBB,?,?,?,?), ref: 69300CA5
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00000000,693DB440,000000FF,?,69300D1F,?,?,69300DBB,?,?,?,?,29996D9D), ref: 69300CC7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$`%/i$mscoree.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4061214504-1549299917
                                                                                                                                                                                                                                                                                    • Opcode ID: f95f6073c3d256233b7dacec936489d14eb37526fd1a61a3452af577161cf529
                                                                                                                                                                                                                                                                                    • Instruction ID: d3bc9a085862231e0b6ac8332a1cb02273011ec257e7516b54cbc0270143809b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f95f6073c3d256233b7dacec936489d14eb37526fd1a61a3452af577161cf529
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E301AD32910659EFDB129F90CC18FBEBBB9FB04B15F004529F821A6280DB75D800CA90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea$Info
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 541289543-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 5cdc689cfb728073e01624aed5017919d1c657e8bbb186cb52ce45753758c189
                                                                                                                                                                                                                                                                                    • Instruction ID: c3f807036eb9b7acdc47b56079df0e022360a5046fce364a81c320e055bbde68
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cdc689cfb728073e01624aed5017919d1c657e8bbb186cb52ce45753758c189
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C7117B6D083095BDF18CE94CC81FAFB7FAAF4A754F244019E914A72A0D736D841C7A9
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `%/i$e&i
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-3064177565
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `%/i$}&i
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-1495671659
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(-00000300,?,?,00000000,?,00000000,?,69223B4D,FFFFFF79,00000000,?,?,692230A3,?,?), ref: 6924FD3E
                                                                                                                                                                                                                                                                                      • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AcquireExclusiveLock
                                                                                                                                                                                                                                                                                    • String ID: `%/i
                                                                                                                                                                                                                                                                                    • API String ID: 4021432409-43404677
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,6930FCD8,692F3D14,00000011), ref: 6930FCEF
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6930FCFD
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6930FD16
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 6930FD68
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
• Associated: 00000002.00000002.4171607522.0000000069070000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172689020.0000000069462000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172727289.0000000069463000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172748066.0000000069464000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172843320.0000000069476000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172864479.0000000069478000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172864479.000000006947D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173095974.000000006947E000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173171167.0000000069481000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173295168.0000000069482000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                    • String ID: `%/i
                                                                                                                                                                                                                                                                                    • API String ID: 1740715915-43404677
                                                                                                                                                                                                                                                                                    • Opcode ID: eac07a253444c91d35ffbfea8c94796c6792608bf2adfdd6ef9b2f779b9a08ca
                                                                                                                                                                                                                                                                                    • Instruction ID: bebf3dfacf70ebd4353b0bbf2e4358477fb9dcf5d5c27f7d35cf0c3ed6138330
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eac07a253444c91d35ffbfea8c94796c6792608bf2adfdd6ef9b2f779b9a08ca
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4151D176648606DFEB1DCF55C980B6EB7A4FF04714F10892DEC15A75A0E732E8A2CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: FeatureList-early-access-allow-list$FeatureList-feature-accessed-too-early$false$true
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-1298438743
                                                                                                                                                                                                                                                                                    • Opcode ID: bda9805962af70d863bd247917b155a3c93aae497f6795bd31b53f2eb3d62467
                                                                                                                                                                                                                                                                                    • Instruction ID: 1bb078ee2290793f8994819b55e0840c2f41f8d201d4ee208ce85534344fa0c9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bda9805962af70d863bd247917b155a3c93aae497f6795bd31b53f2eb3d62467
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6831E5F5D041889BDB00DBA9CC86EBF77B9EF46324F405126E40667291E732281ACBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-000000C0,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923BC07
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 6923BE68
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 6923BEBA
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 6923BED3
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-00000140,?,?,?,?,00000000,?,6923B834,?,?), ref: 6923BF91
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0cfe44715e3ed79bfd1afec9e37e3118409a6bcd3703307faf984c7d0a16b5c4
                                                                                                                                                                                                                                                                                    • Instruction ID: f4a46d014b40911c94e80bcb193ac4a0889193738831f29227f41ab118207ba1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cfe44715e3ed79bfd1afec9e37e3118409a6bcd3703307faf984c7d0a16b5c4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78B1DFB0A00B1A9FEB14DF64DD807EEB7F5BF88305F544428E55AAB381DB74A901CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6929E30C,6922A300,?,00000000,?,?,692B74E6,6947A83C,692506D0,?,?,6929E30C,00000001), ref: 692B6DCE
                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6947A800,6922A300,?,00000000,6929E30C,00000001), ref: 692B6E1A
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 692B6E2F
                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 692B6E3D
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 692B6E46
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Once$ErrorExecuteInitLast$Value
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4287946392-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 61642f8f05fbcee2d84fb32769796749951c277e9cfc0a543f9736ee015f3c46
                                                                                                                                                                                                                                                                                    • Instruction ID: 1cb5cc77dfbf7f6b89f3924ad02dd30ff5bd4eb320e66028e8049019d886a56d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61642f8f05fbcee2d84fb32769796749951c277e9cfc0a543f9736ee015f3c46
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D21B175A0020DABDF00AFA5DD44FAF77ACEF45669F504428FD199B240EB31E940C7A1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `%/i
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-43404677
                                                                                                                                                                                                                                                                                    • Opcode ID: 3fddbfcb9bfff973a3950b814816ec7161a33411c3e39d87049ea366e3337b84
                                                                                                                                                                                                                                                                                    • Instruction ID: bdcd6891e581f3cea3ca7c71162bea89180dcd2c89f58a06f67b4d8fa33fe4ce
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fddbfcb9bfff973a3950b814816ec7161a33411c3e39d87049ea366e3337b84
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FE1A275E00219DFCB04CF58D884AAEB7F6FF89314F158169E419AB7A1D730AD85CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                    • API String ID: 240046367-3206640213
                                                                                                                                                                                                                                                                                    • Opcode ID: c77e11ee6051882c90503c13dfb5c9549c77f3ed83cf72adb9dec790df7c9406
                                                                                                                                                                                                                                                                                    • Instruction ID: aaf28777cd94e64244ff3db4b47051e78d97a9b0b71440bf1f16026abbfeb0fe
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c77e11ee6051882c90503c13dfb5c9549c77f3ed83cf72adb9dec790df7c9406
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1C1F27990C206CEDB1CCF68E890BBA77B9FF46700F604059E955AB274D3329941CBB5
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 69223FD7
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 6922410B
                                                                                                                                                                                                                                                                                      • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3095674784
                                                                                                                                                                                                                                                                                    • Opcode ID: d702c73b773efc8de774d7ea9b8075c568436acf91995ce3995094b4664cf7d5
                                                                                                                                                                                                                                                                                    • Instruction ID: d9d079244ed247f3d5b4f1d2c1db610953fd42a94f5ae36c8b87538139497126
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d702c73b773efc8de774d7ea9b8075c568436acf91995ce3995094b4664cf7d5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E51DF756087459FC704CF28C880A6AFBE5FFC8364F24C62DE5998B294DB31E946CB81
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: ... (message truncated)$`%/i$pV2i
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-2667102158
                                                                                                                                                                                                                                                                                    • Opcode ID: 56d8a4fcfe1828582219dea1071dbcd340994126581dcb640bf803023ce4f223
                                                                                                                                                                                                                                                                                    • Instruction ID: b7ff10a41fee687388eade9b4837397fdea83c459457b103a99ed0c25c15892d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56d8a4fcfe1828582219dea1071dbcd340994126581dcb640bf803023ce4f223
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E241C6B6900219ABDF24DF50CC91EEEB779FF45308F4040A9E90AA3140EB319E55CFA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,0000007E,?,?,69223F38,?,00000000,?,00000000,?,69223B4D,FFFFFF79,00000000), ref: 69224496
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,00000001,?,?,00000000,0000007E,?,?,69223F38,?,00000000,?,00000000,?,69223B4D,FFFFFF79), ref: 692244B7
                                                                                                                                                                                                                                                                                      • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3095674784
                                                                                                                                                                                                                                                                                    • Opcode ID: afc3024df48f7c21ab7dd3a9bf9023e5c4a5254b0be017324c760c5f237bdcca
                                                                                                                                                                                                                                                                                    • Instruction ID: 1357e615c1141c9dc1d1f32043f1ac94b3d7499c691d99e298dbb4e6fea37342
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afc3024df48f7c21ab7dd3a9bf9023e5c4a5254b0be017324c760c5f237bdcca
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF414A356047469FE700CF35C940B5AB7A2BFC9364F24C638F5A98B284EB75D456C780
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,693108B9,?,?,00000000,00000000,00000000,?), ref: 693109D8
                                                                                                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 69310ABE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CatchEncodePointer
                                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                    • API String ID: 1435073870-2084237596
                                                                                                                                                                                                                                                                                    • Opcode ID: 376ebb7497427a9d58daa1fef9442f14a6baef4874b2bd3fc919632243ddd681
                                                                                                                                                                                                                                                                                    • Instruction ID: be907906d5b69426673c9a665423ba80e3bc48116c1c9c9e8c47404d2aa7e84d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 376ebb7497427a9d58daa1fef9442f14a6baef4874b2bd3fc919632243ddd681
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79416872904209AFCF09DF98CD81AEEBBB5FF48304F158159F91467260D3369961DF92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 69310495
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: `%/i$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 3493665558-4068080495
                                                                                                                                                                                                                                                                                    • Opcode ID: f1a0795021ff09eb46dbe4b1e248b08da8f40e919434eb258f888f65c840bff7
                                                                                                                                                                                                                                                                                    • Instruction ID: 497c0eaa5180f5f377cd72d9037ebb69f0b7a330181a120fb8d1b1a2fef2f1b8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1a0795021ff09eb46dbe4b1e248b08da8f40e919434eb258f888f65c840bff7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78318D7680C219EFCF1A8F91CD809AA7B66FF09719B14865AFC545A131C333C8B1DB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(69464B40,?,692230A3,?,?), ref: 69223AC8
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(69464B40,?,692230A3,?,?), ref: 69223AFD
                                                                                                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000001,00000000,FFFFFF79,00000000,?,?,692230A3,?,?), ref: 69223B62
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireReleaseValue
                                                                                                                                                                                                                                                                                    • String ID: @KFi
                                                                                                                                                                                                                                                                                    • API String ID: 421378090-1423103103
                                                                                                                                                                                                                                                                                    • Opcode ID: d7d6a79159431e8dbb18b1b72ba36dcc0a96330f0d7d16f94de0cf8dbb0fff09
                                                                                                                                                                                                                                                                                    • Instruction ID: 97dc97ed327f39b25fb2f2cceb2c01908c768f6ab91153e0e0b0128e3e2a5022
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7d6a79159431e8dbb18b1b72ba36dcc0a96330f0d7d16f94de0cf8dbb0fff09
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61012D356002DCABDF14AF74D855FA97B59FB87F69F004015F904AB740CBB22441CBA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(69465FE4,?,?,6927D2DF,6946ACA4), ref: 692F1A25
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(69465FE4,?,6927D2DF,6946ACA4), ref: 692F1A58
                                                                                                                                                                                                                                                                                    • WakeAllConditionVariable.KERNEL32(69465FE0,?,6927D2DF,6946ACA4), ref: 692F1A63
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                                                                                                                                                                                                                                                    • String ID: _Fi
                                                                                                                                                                                                                                                                                    • API String ID: 1466638765-3740424580
                                                                                                                                                                                                                                                                                    • Opcode ID: f62c807fca2643005ba59c8cecd15426efa63dba4ff99021542812477741bebf
                                                                                                                                                                                                                                                                                    • Instruction ID: 9dfa80594b046c702d74f0ff89ec01a45294c5e88cea3c876447371f460bba95
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f62c807fca2643005ba59c8cecd15426efa63dba4ff99021542812477741bebf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7F0C9B5500294EFDB19FF98D448DA437A8EB4A354B04005AFA09D7311CA71A945CBA4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(29996D9D,00000000,00000000,?), ref: 6930A715
                                                                                                                                                                                                                                                                                      • Part of subcall function 69317F9A: WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,?,?,-00000008,-00000008,00000000,?,69311AC4,?,00000000,-00000008), ref: 69317FFB
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6930A967
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6930A9AD
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6930AA50
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8072a8c3c0923f2331140d577b49a78fdefe8bc3ea803f1948525934b6070141
                                                                                                                                                                                                                                                                                    • Instruction ID: 0355141f7831146dc11e37baed59542383cb5ce3198cc932cd638b29abfb5786
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8072a8c3c0923f2331140d577b49a78fdefe8bc3ea803f1948525934b6070141
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59D17BB5D042489FCF05CFE8D9949EDBBB9FF09324F14852AE466EB241E730A946CB50
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 5456cf47829e598398e6294f9d78408a9682aa3b31ab6ab58f15c1ec38af5637
                                                                                                                                                                                                                                                                                    • Instruction ID: 3d299284560e9084c4f8f3599bb6250ebada50fb533ad586c378e4550e007fcd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5456cf47829e598398e6294f9d78408a9682aa3b31ab6ab58f15c1ec38af5637
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D021AE75A04209AFCB10DF65CC60D9F7BBDAF053687008528E85A97140EB32ED408B60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000001,?,6923D124,00000001,00000001,?,00000000), ref: 692A6A1E
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000001,?,6923D124,00000001,00000001,?,00000000,?,?,?,6923BDF4,?,00000000,00000003), ref: 692A6A2C
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 692A6A4C
                                                                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,00000001,?,6923D124,00000001,00000001,?,00000000,?,?,?,6923BDF4,?), ref: 692A6A95
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorEventLast$CreateReset
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 77579966-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7ab92325e328680441b8c5f837d065ad8092f5304e328c17f5cf47ae28a7c9f7
                                                                                                                                                                                                                                                                                    • Instruction ID: 4ab3bb42e3454ea1431fa9bb1c80260e9d0f7143773dc7c50b0fefa8c430a7d0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ab92325e328680441b8c5f837d065ad8092f5304e328c17f5cf47ae28a7c9f7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC11C476510209DFD711AFB9C8C8A26BBEDFB45355F10883DE486C3601E772E8408751
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,6931A3A2,?,00000001,?,?,?,6930AAA4,?,00000000,00000000), ref: 69320645
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6931A3A2,?,00000001,?,?,?,6930AAA4,?,00000000,00000000,?,?,?,6930A3EA,?), ref: 69320651
                                                                                                                                                                                                                                                                                      • Part of subcall function 693206B0: CloseHandle.KERNEL32(FFFFFFFE,69320661,?,6931A3A2,?,00000001,?,?,?,6930AAA4,?,00000000,00000000,?,?), ref: 693206C0
                                                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 69320661
                                                                                                                                                                                                                                                                                      • Part of subcall function 69320683: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6932061F,6931A38F,?,?,6930AAA4,?,00000000,00000000,?), ref: 69320696
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,6931A3A2,?,00000001,?,?,?,6930AAA4,?,00000000,00000000,?), ref: 69320676
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_69070000_setup.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
APIs
  • Part of subcall function 69311B5A: GetLastError.KERNEL32(00000000,?,6930E24D), ref: 69311B5E
  • Part of subcall function 69311B5A: SetLastError.KERNEL32(00000000), ref: 69311C00
• GetACP.KERNEL32(?,?,?,?,?,?,6930193C,?,?,?,?,?,-00000050,?,?,?), ref: 693159E6
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6930193C,?,?,?,?,?,-00000050,?,?), ref: 69315A1D
Strings
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Similarity
• API ID: ErrorLast$CodePageValid
• String ID: utf8
• API String ID: 943130320-905460609
APIs
• TryAcquireSRWLockExclusive.KERNEL32(69464B40), ref: 69223D81
• ReleaseSRWLockExclusive.KERNEL32(69464B40), ref: 69223DC5
Strings
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Similarity
• API ID: ExclusiveLock$AcquireRelease
• String ID: @KFi
• API String ID: 17069307-1423103103
APIs
• TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,?,?,bitset set argument out of range,?,00000000,?,6923C0F6,?,00000000,?,?,?,?,00000000), ref: 6923AB60
• ReleaseSRWLockExclusive.KERNEL32(00000000,?,bitset set argument out of range,?,00000000,?,6923C0F6,?,00000000,?,?,?,?,00000000,-00000140,?), ref: 6923ABF0
  • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
Strings
• bitset reset argument out of range, xrefs: 6923ABFC
Memory Dump Source
• Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
Similarity
• API ID: ExclusiveLock$Acquire$Release
• String ID: bitset reset argument out of range
• API String ID: 1678258262-1934458321
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6946B90C,00000000,00000004), ref: 6928F8F6
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6946B90C,?), ref: 6928F923
                                                                                                                                                                                                                                                                                      • Part of subcall function 692814E0: AcquireSRWLockExclusive.KERNEL32(6946B9CC,?,693554E2,?,6929A33F,?,?,?,00000003,00000000,?,?,69356704,69464B20,?), ref: 692814E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: @Bj+
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-4209026274
                                                                                                                                                                                                                                                                                    • Opcode ID: 85ae569e0bbb7e6bc2417f6fd2432327a3bb4002df30bd242b80081c8f92b119
                                                                                                                                                                                                                                                                                    • Instruction ID: fa2b27eb4a332e9a4de045a62ff8f246e12fa88c1c56a48a312bf0f2e1e8f2f1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85ae569e0bbb7e6bc2417f6fd2432327a3bb4002df30bd242b80081c8f92b119
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 092179F5B0894CA79A04A6194E90D7F372DABD329CB40841CF415273D2FB22AC4D97E2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: @vDi$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-3666385691
                                                                                                                                                                                                                                                                                    • Opcode ID: f9a181583a81b929b2c00a61f77b18c1b375d4a8c7f69edd4fd02ff55da74f2f
                                                                                                                                                                                                                                                                                    • Instruction ID: 900cfce3b53042148f408b1c31238dd8c14c41952449cfaf14660686885c5847
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9a181583a81b929b2c00a61f77b18c1b375d4a8c7f69edd4fd02ff55da74f2f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7611263AA046096BDB00995AEC84E6B779DEBC52FCB248032FD1CC7210DB71ED61C6E0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 692F331C: RaiseException.KERNEL32(E06D7363,00000001,00000003,692F21F9,?,2B640140,?,?,692F21F9,69153999,6945F66C,69153999), ref: 692F337C
                                                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 69331040
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                                                                    • String ID: .~&i$.~&i
                                                                                                                                                                                                                                                                                    • API String ID: 3109751735-1258672706
                                                                                                                                                                                                                                                                                    • Opcode ID: 4daf88bf3d64315515b8599367f40332be5dd13308f3a8ebcb266ac1419b2bce
                                                                                                                                                                                                                                                                                    • Instruction ID: 3f7c9f30ebe9f4d45a0039b986cae8d7f87f721242df831cf4049802866866c9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4daf88bf3d64315515b8599367f40332be5dd13308f3a8ebcb266ac1419b2bce
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F511BFB8504358ABD714DF65C800A9AFBFCFF09318B50842EE9599B700D775E445CBE1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(69464B40,FFFFFF79,?,692230B7,?,?,?), ref: 69223BB4
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(69464B40,?,692230B7,?,?,?), ref: 69223BED
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: @KFi
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-1423103103
                                                                                                                                                                                                                                                                                    • Opcode ID: d4aafb6c87692b508897fe60f72687ad32e5b8a9dd910b0231b1717fdd75db23
                                                                                                                                                                                                                                                                                    • Instruction ID: 623aad2ce90bc5925e672301b2fc557a993ab159034e4165eaaa1bc92c613ca0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4aafb6c87692b508897fe60f72687ad32e5b8a9dd910b0231b1717fdd75db23
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E115970A442DC5FEF205738CA51B6A3385BB53F5AF40841AD9408F355D7754081CB83
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?,6923C0F6,?,00000000,?,?,?,?,00000000,-00000140,?,00000000), ref: 6923AAA0
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,?,6923C0F6,?,00000000,?,?,?,?,00000000,-00000140,?,00000000), ref: 6923AB30
                                                                                                                                                                                                                                                                                      • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • bitset set argument out of range, xrefs: 6923AB3C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: bitset set argument out of range
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3990704234
                                                                                                                                                                                                                                                                                    • Opcode ID: dbf646e4d6558af01882c5a8f25e3cda2e355c357eecf4ea219b0a4eef1b72bb
                                                                                                                                                                                                                                                                                    • Instruction ID: a572731919a5262b339fec6044b25c6ef590eda1cf3baca75f35af1fd03e1651
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbf646e4d6558af01882c5a8f25e3cda2e355c357eecf4ea219b0a4eef1b72bb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F811087222012D87CF085A10D905BBE3727EBD2376F90823AE40397651DBB0D882C780
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(69464B40,00000000,00000000,00000020,?,69223B4D,FFFFFF79,00000000,?,?,692230A3,?,?), ref: 69223EAD
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(69464B40,?,69223B4D,FFFFFF79,00000000,?,?,692230A3,?,?), ref: 69223EFF
                                                                                                                                                                                                                                                                                      • Part of subcall function 692246D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 692246EC
                                                                                                                                                                                                                                                                                      • Part of subcall function 69224470: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,0000007E,?,?,69223F38,?,00000000,?,00000000,?,69223B4D,FFFFFF79,00000000), ref: 69224496
                                                                                                                                                                                                                                                                                      • Part of subcall function 69224470: ReleaseSRWLockExclusive.KERNEL32(?,00000001,?,?,00000000,0000007E,?,?,69223F38,?,00000000,?,00000000,?,69223B4D,FFFFFF79), ref: 692244B7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: @KFi
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-1423103103
                                                                                                                                                                                                                                                                                    • Opcode ID: bc72c1108fd41567f8313f2885090db83d5af4cd32f4801ed28b2166bd131ccd
                                                                                                                                                                                                                                                                                    • Instruction ID: 8c6e7fe2d365c6be53c9e078349f24904b51628fe08f046924560c9f67981075
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc72c1108fd41567f8313f2885090db83d5af4cd32f4801ed28b2166bd131ccd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7521357020134ADBDB218B25E821B7BBBF8FFC1B56F00042EE9CA8B294C335A844C750
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,?,692941F0,00000000,?,692B534C,00000000,692941F0), ref: 692959EE
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,692B534C,00000000,692941F0), ref: 69295A59
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: LS+i
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-3697446117
                                                                                                                                                                                                                                                                                    • Opcode ID: f23866f70b571cb11e5a5ae6eeba61727685b5e2fdaf0ee0307baea28ba8cc86
                                                                                                                                                                                                                                                                                    • Instruction ID: 7f6ed8adb0f71a36e210437697bf33c4a7431c88dc137df4c23132ab513a617c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f23866f70b571cb11e5a5ae6eeba61727685b5e2fdaf0ee0307baea28ba8cc86
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8011CE31311219DBDB00DFAAD880E2A73A9FB8A7A5B048128ED25DB341DB31EC048790
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,69350A2E,?,00000001), ref: 69350E00
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,69350A2E,?,00000001), ref: 69350E1C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: @Bj+
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-4209026274
                                                                                                                                                                                                                                                                                    • Opcode ID: 2a8db3f283954fbbec3b82bc043e2b7b348d81fe5154c77dce1a117bf9bf01ce
                                                                                                                                                                                                                                                                                    • Instruction ID: e9669e7547dd8b07e20ac408f93e30cd90933b08912764baba470f9957acf624
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a8db3f283954fbbec3b82bc043e2b7b348d81fe5154c77dce1a117bf9bf01ce
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2001C4753007045BDF40DF75D884E6A7B99EF8D69C710C469DD5E8B241DB32E824C7A0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6946B90C,00000000,?,?,?,?,?,69291872,?,00000000,00000001,00000000), ref: 6928FC62
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6946B90C,?,?,?,?,?,69291872,?,00000000,00000001,00000000), ref: 6928FC7F
                                                                                                                                                                                                                                                                                      • Part of subcall function 692814E0: AcquireSRWLockExclusive.KERNEL32(6946B9CC,?,693554E2,?,6929A33F,?,?,?,00000003,00000000,?,?,69356704,69464B20,?), ref: 692814E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: @Bj+
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-4209026274
                                                                                                                                                                                                                                                                                    • Opcode ID: f534bc3c3072dbe00fe9e656f3a1f566e7d2522f913ff8948d59cc75eee0d608
                                                                                                                                                                                                                                                                                    • Instruction ID: 40f8b479c0ed715fedc59379dc32d73041a7dca8139d0101a96f7f02f061aefe
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f534bc3c3072dbe00fe9e656f3a1f566e7d2522f913ff8948d59cc75eee0d608
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E01F7B170950C5B9A04EA594F88DBB3B6CAA832DD300401DFC15A73A2E712AE0DA2E1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(FFFFFFFF), ref: 6926B03D
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(FFFFFFFF), ref: 6926B058
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PerformanceQuery$CounterFrequency
                                                                                                                                                                                                                                                                                    • String ID: au'i
                                                                                                                                                                                                                                                                                    • API String ID: 774501991-508530264
                                                                                                                                                                                                                                                                                    • Opcode ID: 07aa290114afa27a9f385a6573a0b85700d6b05256b378e14b2b4b272fab773f
                                                                                                                                                                                                                                                                                    • Instruction ID: af9cbab234ab21f33fb29ce7ff934bdf6ff2e9c6ccbcb40149574a7f97ef5745
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07aa290114afa27a9f385a6573a0b85700d6b05256b378e14b2b4b272fab773f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5112C70408B45DBC711EF78C41545AFBE8BF8A3A1F504B4DF4E9A2291DB30D256CB86
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: Check failed: $WN&i
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-1506174058
                                                                                                                                                                                                                                                                                    • Opcode ID: 2801227c326eba96fd9e1e8f61e5fcc7bb3416a358b7578d322499a42cebf580
                                                                                                                                                                                                                                                                                    • Instruction ID: 166929d94b43ffbb37b45aba015c8a75d4880765a81120e8bb017bc1967e34ee
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2801227c326eba96fd9e1e8f61e5fcc7bb3416a358b7578d322499a42cebf580
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37F0F6FEA003087BE600DA61FC42F5B778CDB85328F008431FA4997251E772AD1043A1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 69329B70
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                                    • String ID: Bad variant access$bad_variant_access.cc
                                                                                                                                                                                                                                                                                    • API String ID: 4194217158-4004146108
                                                                                                                                                                                                                                                                                    • Opcode ID: f8a0f03c6e04aa153ec2ea8b6833ce3392948ecb8ee00b8a0837a6208ee0c4bd
                                                                                                                                                                                                                                                                                    • Instruction ID: 4c79a2ce4ce790de9a75d2b555d986b6ceed9701a040c3ebbd62e93c0868a800
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8a0f03c6e04aa153ec2ea8b6833ce3392948ecb8ee00b8a0837a6208ee0c4bd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CE020BA54021C73F601A5956C02F5FB74C9B21258F848031FA08D6342E673A61743D3
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: /9)i$`%/i
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-1133389834
                                                                                                                                                                                                                                                                                    • Opcode ID: e9e2b9184016c02fd4f819e4af78e368aecca050484082eb629d7377ecb52ea5
                                                                                                                                                                                                                                                                                    • Instruction ID: 8a69ba38abe0015df891e61d43761e848d34738d8223ad667ed4d2bbaa06517d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9e2b9184016c02fd4f819e4af78e368aecca050484082eb629d7377ecb52ea5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57E0927AB012286FDA10AA16AC84DAF375DEFC9669B050060FA099B301D621ED0456F1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(69465FE4,?,?,?,6927D29B,6946ACA4), ref: 692F19AC
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(69465FE4,?,6927D29B,6946ACA4), ref: 692F19E6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
• Associated: 00000002.00000002.4171607522.0000000069070000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172689020.0000000069462000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172727289.0000000069463000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172748066.0000000069464000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172843320.0000000069476000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172864479.0000000069478000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4172864479.000000006947D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173095974.000000006947E000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173171167.0000000069481000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.4173295168.0000000069482000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: _Fi
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-3740424580
                                                                                                                                                                                                                                                                                    • Opcode ID: 67f77ce98f22b119ae566c574d7a612f6207f4624444dc826c27185426fb66df
                                                                                                                                                                                                                                                                                    • Instruction ID: 15680fa21c47d25cddf2337b7d496340ed430e0fb7b9ba47b084759cf623fcc8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67f77ce98f22b119ae566c574d7a612f6207f4624444dc826c27185426fb66df
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8F08CB4140249EFDA10AF58C544E65B7B8EB87375F50032EE9A487392CB305983CAA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 69214FAE
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 69214FBA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.4171771042.0000000069071000.00000020.00000001.01000000.00000009.sdmp, Offset: 69070000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_69070000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                    • String ID: GetHandleVerifier
                                                                                                                                                                                                                                                                                    • API String ID: 1646373207-1090674830
                                                                                                                                                                                                                                                                                    • Opcode ID: 1e8680326381a28cf287bf1ea129c3e6f799a7f404851daee32770682b32d816
                                                                                                                                                                                                                                                                                    • Instruction ID: 3fbebd76c7047b5b135a8d09885ffa63f3900fce08967651ff95b419241a6dde
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e8680326381a28cf287bf1ea129c3e6f799a7f404851daee32770682b32d816
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6D0123550C34EAFEE006AA58A59F1636DCE701746F510414EA19E7240CE74D4108564

                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                    Execution Coverage:1.5%
                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                                                    Total number of Nodes:301
                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:7

Control-flow Graph (first block 68a76e50-68a76e86; legend: Executed / Not Executed)
APIs
• OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 68A76F06
• TryAcquireSRWLockExclusive.KERNEL32(3274010C), ref: 68A76F1E
• CreateEventW.KERNEL32 ref: 68A76F71
• CreateEventW.KERNEL32 ref: 68A76F91
• CreateEventW.KERNEL32 ref: 68A76FAC
• ReleaseSRWLockExclusive.KERNEL32(?), ref: 68A7708E
• GetCurrentProcess.KERNEL32 ref: 68A770BA
• DuplicateHandle.KERNEL32(00000000,?,?,?,00100002,00000000,00000000), ref: 68A770D3
• GetCurrentProcess.KERNEL32 ref: 68A770FB
• DuplicateHandle.KERNEL32(00000000,?,?,?,00100002,00000000,00000000), ref: 68A77112
• GetCurrentProcess.KERNEL32 ref: 68A7713A
• DuplicateHandle.KERNEL32(00000000,?,?,?,00100002,00000000,00000000), ref: 68A77151
• ImpersonateNamedPipeClient.ADVAPI32(C72674FF), ref: 68A77288
• OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 68A7729C
• RevertToSelf.ADVAPI32 ref: 68A772A8
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_68890000_setup.jbxd
Similarity
• API ID: Process$CreateCurrentDuplicateEventHandle$ExclusiveLockOpen$AcquireClientImpersonateNamedPipeReleaseRevertSelf
• String ID: expecting: $, got: $..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$::GetNamedPipeClientProcessId$ImpersonateNamedPipeClient$ServiceClientConnection$failed to open $forged client pid, real pid: $forged shutdown request, got: $kernel32.dll$unexpected version. got: $unhandled message type:
• API String ID: 3541829300-657331300
• Opcode ID: 7807fa21af9f38050efd38b953d46e25888749a66a6899c0605d1663163542f4
• Instruction ID: e06f628edde310ca0216aad78cdb9bc4f01a3f7ed19c7bfd6c39c0fe5c29f964
• Opcode Fuzzy Hash: 7807fa21af9f38050efd38b953d46e25888749a66a6899c0605d1663163542f4
• Instruction Fuzzy Hash: FE02C1B8E002149FDB20DF64CD85BAE77B5EF45304F9441A9ED19BB281EB3199C4CBA1

Control-flow Graph (first block 68a35eb0-68a35eda; legend: Executed / Not Executed)
APIs
• TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 68A360AA
• ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 68A3615F
  • Part of subcall function 68A43F90: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 68A43FD7
  • Part of subcall function 68A43F90: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 68A4410B
• TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 68A361B3
• ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,?,00000000), ref: 68A36288
• ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 68A36444
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_68890000_setup.jbxd
Similarity
• API ID: ExclusiveLock$Release$Acquire
• String ID: first$second
• API String ID: 1021914862-3095674784
• Opcode ID: 08c6e501cc501c04a771993d6a98aa0c340cea8335c0bd717941ce5cfaad9f46
• Instruction ID: 9b7f6b804c2e4be7f29796a2fab65fbdcb83f34e35e1ff8a42e166cbbba25734
• Opcode Fuzzy Hash: 08c6e501cc501c04a771993d6a98aa0c340cea8335c0bd717941ce5cfaad9f46
• Instruction Fuzzy Hash: 3AF1F075A043219FC704CF28C894B2AB7E1FF89718F58866CED999B391D731E885DB81

Control-flow Graph (first block 68a5ade0-68a5adf0; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: first$second$slotsize$spansize
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-267899740

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 68A42E2F
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32 ref: 68A42E48
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?), ref: 68A430C5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4168288129-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,00002000,00000000,00000000,00000000,?,68A5CECE,00000000,00000000,00002000,00000001,?), ref: 68A5C977
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5C991
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5C9AF
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5C9BB
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5C9CD
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5C9E7
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5C9F3
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5C9FD
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CA17
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CA23
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CA2D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CA4B
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CA57
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CA65
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CA83
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CA8F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CA9D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CABB
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CAC7
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CAD5
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CAF3
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CAFF
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CB0D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CB2B
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CB37
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CB45
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CB63
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69), ref: 68A5CB6F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000,?,?,?), ref: 68A5CB7D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,68A5CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,68A5CCA8,68A5CE69,00000000), ref: 68A5CB9B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocErrorLastSleepVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2288223010-0
                                                                                                                                                                                                                                                                                    • Opcode ID: d4a8c9f57838a8bfd13c40a9da06b287fb5f68caf0a0a7788c2ed5682bee83b8
                                                                                                                                                                                                                                                                                    • Instruction ID: 77df7d068ca811ba1edc0b484f3dcd8e68c9152bed6fe2f549d1e46c87a342bf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4a8c9f57838a8bfd13c40a9da06b287fb5f68caf0a0a7788c2ed5682bee83b8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C516A3220691AEFEF111E65CC4DB6F3B3EFB46755F944418FA1585051CB708AE1CAA3

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 689FC4F6
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 689FC4FA
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 689FC502
                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,00000000,00000000,00000002,00000000,00000000,00000002), ref: 689FC511
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A356D0: TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,?,689FC52D,00000000), ref: 68A356F0
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A356D0: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,689FC52D,00000000), ref: 68A35719
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 689FC53F
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 689FC556
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 689FC563
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 689FC5C8
                                                                                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 689FC5CF
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 689FC61F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Current$Thread$ErrorExclusiveLastLockProcess$AcquireDuplicateHandlePriorityRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 25613288-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6d81b019774911209e4c5652c169cd18671244319055697e1fc1c9a663587c64
                                                                                                                                                                                                                                                                                    • Instruction ID: 225f736674c25848ccc7108b1140724f75942ca328f8201cb32a4df27fce388b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d81b019774911209e4c5652c169cd18671244319055697e1fc1c9a663587c64
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E41A479A052358BCB049FB48948A7F7779AF8632CB944538E916D7340EB34E94287E1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,68A7FF47,?,00000008), ref: 68A84DA4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 68A84DB4
                                                                                                                                                                                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,?,7FFFFFFF,00000000), ref: 68A84E13
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • CreateSemaphore, xrefs: 68A84E5C
                                                                                                                                                                                                                                                                                    • Semaphore, xrefs: 68A84E3F
                                                                                                                                                                                                                                                                                    • ..\..\third_party\crashpad\crashpad\util\synchronization\semaphore_win.cc, xrefs: 68A84E3A
                                                                                                                                                                                                                                                                                    • ProcessPrng, xrefs: 68A84DAE
                                                                                                                                                                                                                                                                                    • bcryptprimitives.dll, xrefs: 68A84D9F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressCreateLibraryLoadProcSemaphore
                                                                                                                                                                                                                                                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\synchronization\semaphore_win.cc$CreateSemaphore$ProcessPrng$Semaphore$bcryptprimitives.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4071630139-491546645
                                                                                                                                                                                                                                                                                    • Opcode ID: 6fdc60aad51a2691ee40c4e5355bafbf05e262a87ae3c27cfbce206a2e250309
                                                                                                                                                                                                                                                                                    • Instruction ID: ed750659169d951537831b43799f8bda38fdc801ae7f509bf328ea8fef4418e1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fdc60aad51a2691ee40c4e5355bafbf05e262a87ae3c27cfbce206a2e250309
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE21F3757412096B9F28AE699C18A7F7B7DDB96254B80042AFD15A7380FF30D8008BB0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,68A5AA7E,00000000,?,?,68A5C16E,00000002,00000000,?,?,?,?,00000000), ref: 68A5CBBD
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0bb2704096904fc2b64ae249e6f29d5d94138caaefa8d50dad8347b7e885a363
                                                                                                                                                                                                                                                                                    • Instruction ID: 0f19be611612b6f420323a4433b25760108137881ed7e22535ba556231324f51
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bb2704096904fc2b64ae249e6f29d5d94138caaefa8d50dad8347b7e885a363
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B51D471741115ABFB180928CD2873B3669DB82701F844439FF1ADB2C9EA39DDE18797

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5CEE5
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C9C2D8,?,?,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5CEFC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5CF27
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68C9C2D8,?,?,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5CF55
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 68A5CFAC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00003000,00000040,00004000), ref: 68A5D046
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExclusiveFreeLastLockVirtual$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1130761037-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2b7146fb52550bb4323aee05285282c0715675c2c756940bfca2e3851a9dbdde
                                                                                                                                                                                                                                                                                    • Instruction ID: efaf4e5baf105f0b7967358336b02d8ec9282b4840c6b69da55d7e813169a950
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b7146fb52550bb4323aee05285282c0715675c2c756940bfca2e3851a9dbdde
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A31D8713852019BFB044E68C92872F3629E782705F404479FF15DB3C9EA79DDD187A2

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 68A76CA7
                                                                                                                                                                                                                                                                                    • DisconnectNamedPipe.KERNEL32(?), ref: 68A76CB9
                                                                                                                                                                                                                                                                                    • ConnectNamedPipe.KERNEL32(?,00000000), ref: 68A76CC0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ConnectNamedPipe, xrefs: 68A76D46
                                                                                                                                                                                                                                                                                    • ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 68A76D3A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: NamedPipe$ConnectDisconnectErrorLast
                                                                                                                                                                                                                                                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$ConnectNamedPipe
                                                                                                                                                                                                                                                                                    • API String ID: 30367271-692259547
                                                                                                                                                                                                                                                                                    • Opcode ID: 58dc902b0dc7be66f2db249e3e2bc56725dceb67bcefce751a7f14bf01c2cbfc
                                                                                                                                                                                                                                                                                    • Instruction ID: 47066e0fe24ae45d7529d836237997230cabc44870b8724cce714b70c58af87f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58dc902b0dc7be66f2db249e3e2bc56725dceb67bcefce751a7f14bf01c2cbfc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E02138BD500214ABEB20DB65DE45FBE7329EF05708FC44034EF3866281EB62E5D4D6A2

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5CCCC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5CD14
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,68A5B834), ref: 68A5CD9C
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,00000000,?,68A5B834,?), ref: 68A5CDEC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4230811426-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9a32e793454aabc21b6a8eb19df392ae9c552b7a44c1e36633101d791d2faaa4
                                                                                                                                                                                                                                                                                    • Instruction ID: 3571a94476dbe8570d9838a19a18fc08db47c2d85a712e24a6e2c3359805cf99
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a32e793454aabc21b6a8eb19df392ae9c552b7a44c1e36633101d791d2faaa4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F17127717412059BFF148E28CC6476F36AAEB85704F444038FE19CB388EA79DDE18792

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00003000,00000040,00004000), ref: 68A5D046
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C9C2D8,-00000100,?,00000000,?,?,68A5BDF4,?,00000000,00000003,00000000,?,00000000), ref: 68A5D08B
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,68A5BDF4,?,00000000,00000003,00000000,?,00000000,?,?,?,?), ref: 68A5D0B7
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68C9C2D8,?,?,68A5BDF4,?,00000000,00000003,00000000,?,00000000,?,?,?,?,?), ref: 68A5D0E6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveFreeLockVirtual$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 448536242-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b7a6f1c7e34e79b1419c2b988f15d75499b8e8f680831f316c8285191db5d6c2
                                                                                                                                                                                                                                                                                    • Instruction ID: 173ed41cb8ca2efd8dca6b53b8fd62e64e93d22bf0305112d338bee14d965a36
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7a6f1c7e34e79b1419c2b988f15d75499b8e8f680831f316c8285191db5d6c2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD213471282214AFEF104FA49C04B6B736CEB92B55F8084A4FE059B740D675ECD2C7A2

[Figure: control-flow graph for the function at 68a5b3b0; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: slotsize$spansize
                                                                                                                                                                                                                                                                                    • API String ID: 0-1054177511
                                                                                                                                                                                                                                                                                    • Opcode ID: c75f3c82f9b916468dee4b5a445448644284e81f0964270859964d4e23212d7f
                                                                                                                                                                                                                                                                                    • Instruction ID: 6c3e0c0a2d774d932d577a64bc9d95ac7bf11de13712f7085a7862a63e84cee5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c75f3c82f9b916468dee4b5a445448644284e81f0964270859964d4e23212d7f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8791C175A047058FC704CF28C891B9A77A2EFC8355F58862DEC558B395D734E8D2CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,?,689FC52D,00000000), ref: 68A356F0
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,689FC52D,00000000), ref: 68A35719
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A446D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 68A446EC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e0268b033b493ded2d13f56615ea74a23cc2ce4f7a7d51a1f00d40582de3e69c
                                                                                                                                                                                                                                                                                    • Instruction ID: bce7fb49268ea388f35f95196d299ab0e0cdb900d53bbe3e08aa0e89c4645c5f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0268b033b493ded2d13f56615ea74a23cc2ce4f7a7d51a1f00d40582de3e69c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33F09C759012289F8F00DF69D848DFFB7BCFF59614B40442AED0597200DB349945CBB4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A84690: TryAcquireSRWLockExclusive.KERNEL32(68C9DE18,?,?,68A793A9,?,?,68A5CC8F,00000000,?,?,?,?,68A5CE69,?,?,00000000), ref: 68A84699
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A84690: ReleaseSRWLockExclusive.KERNEL32(68C9DE18,?,68A793A9,?,?,68A5CC8F,00000000,?,?,?,?,68A5CE69,?,?,00000000,00000000), ref: 68A846CE
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,68A5CC8F,00000000,?,?,?,?,68A5CE69,?,?,00000000,00000000,?,?,?), ref: 68A793D8
                                                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,68C85E04,?,68A5CC8F,00000000,?,?,?,?,68A5CE69,?,?,00000000,00000000,?), ref: 68A793E4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2898688079-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2f3ef06a4f4bed71afeaae824d55d281921a278e877fe62df4762e20e760b210
                                                                                                                                                                                                                                                                                    • Instruction ID: a63ce83e7e866f3787e60e24ef0da74eba9f718cb96f1bfe7fc71f203782c16e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f3ef06a4f4bed71afeaae824d55d281921a278e877fe62df4762e20e760b210
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CEE065BA68162047E7205FB84F1971E36A89703665F8C052AED2DC75C4E7DDDC4063D0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C9DE18,?,?,68A793A9,?,?,68A5CC8F,00000000,?,?,?,?,68A5CE69,?,?,00000000), ref: 68A84699
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68C9DE18,?,68A793A9,?,?,68A5CC8F,00000000,?,?,?,?,68A5CE69,?,?,00000000,00000000), ref: 68A846CE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 5db16c1ecfb805262d3b6d2ec0533b71e4d9d02cef98c17135be9999e483670d
                                                                                                                                                                                                                                                                                    • Instruction ID: 5f73dcd7897cc28d28aa050e91b43a20312fd735884baac6662696e8eea694ed
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5db16c1ecfb805262d3b6d2ec0533b71e4d9d02cef98c17135be9999e483670d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AE0E5703011442BDF209BAD14083297E544B6311CFC400F8EF51AA280DB814BD04BE2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68B65CA1,68B239EA,68B26763,?,00000003,68B16F9B), ref: 68B31CAF
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 68B31D51
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ac9ce476507222071fd41218c6ac0f8087d0fdf9ff8c3d7b77ea4c64a4e9a8f1
                                                                                                                                                                                                                                                                                    • Instruction ID: 61198d7e82df12869f398639eec7a9bf105eedea75b2f6fda43de18a55f1d500
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac9ce476507222071fd41218c6ac0f8087d0fdf9ff8c3d7b77ea4c64a4e9a8f1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB1108752882716FD7101EB59D89E2F3ABDEB472BDBD80230F628951A1EB10D8049164
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C8B90C,?,68AD1F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 68AAF2EB
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,68AD1F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 68AAF4F6
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,68AD1F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 68AAF50E
                                                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 68AAF5F5
                                                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 68AAF809
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release__floor_pentium4$Acquire
                                                                                                                                                                                                                                                                                    • String ID: `CjL
                                                                                                                                                                                                                                                                                    • API String ID: 2821508176-2294715664
                                                                                                                                                                                                                                                                                    • Opcode ID: 35e18860869e746f9e00c6984a68c821810e6ca30b94e65c802a2f3a296adafa
                                                                                                                                                                                                                                                                                    • Instruction ID: 435bfe45f3e741931c1e97f373777fff6e17357547ee55e07d2f24e86efd9584
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35e18860869e746f9e00c6984a68c821810e6ca30b94e65c802a2f3a296adafa
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91F10975B006058BCB0DCF69C89072EB7B2BF89750798862DDC66EBB41E771E8C18B51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • Histogram.MismatchedConstructionArguments, xrefs: 68AB3973
                                                                                                                                                                                                                                                                                    • Histogram.BadConstructionArguments, xrefs: 68AB39E8
                                                                                                                                                                                                                                                                                    • Blink.UseCounter, xrefs: 68AB3936
                                                                                                                                                                                                                                                                                    • Histogram.TooManyBuckets.1000, xrefs: 68AB3925
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-749166131
                                                                                                                                                                                                                                                                                    • Opcode ID: e6fe337171a1842e01ef8653c3420dfdd258d6dd21c89682860568a2c41068a7
                                                                                                                                                                                                                                                                                    • Instruction ID: a890222074b9ebcb0026f730a9c6a52ce356d09707a234436b81d262a04fd7d5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6fe337171a1842e01ef8653c3420dfdd258d6dd21c89682860568a2c41068a7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FC17E75E00119DFCB14CFA8D894AAEFBBAFF89314F994129DC55A7340DB31A881CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,68B73CE9,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 68B73AA8
                                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 68B73AE7
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,68B73CE9,?,?), ref: 68B73C04
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • (0x%lX), xrefs: 68B73AF8
                                                                                                                                                                                                                                                                                    • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 68B73C0C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                                                    • String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                                                                                                                    • API String ID: 1365068426-3206765257
                                                                                                                                                                                                                                                                                    • Opcode ID: fb491352d728a6e109b50a9165ce6085c35ec2ad3e13091228634c02ffa1ff8d
                                                                                                                                                                                                                                                                                    • Instruction ID: da6219d097454abb9ad324e49be82041283063d043ddd68118aee29c338da1a3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb491352d728a6e109b50a9165ce6085c35ec2ad3e13091228634c02ffa1ff8d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA41C4B5D04698AFEF10DFA4CC44ABFBB78EF49608F844025E924B7201E731A945C7A1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,68B3636D,?,?), ref: 68B36A50
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,68B3636D,?,?), ref: 68B36A79
                                                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,68B3636D,?,?), ref: 68B36A8E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                    • Opcode ID: 5e97c48bdbeb761c03fe51475a5959f72786c13c8dd232451a48bb71cc43b055
                                                                                                                                                                                                                                                                                    • Instruction ID: dfeb6fc30fd4cf20a9160cb1c183c1f057f025b1a3e8b66514f52aef500ddcac
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e97c48bdbeb761c03fe51475a5959f72786c13c8dd232451a48bb71cc43b055
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D521A4726041B5EBE724CF18C904A8B72B6EB47B54BE2C424EB29D7104E732DA41E350
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B31B5A: GetLastError.KERNEL32(00000000,?,68B2E24D), ref: 68B31B5E
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B31B5A: SetLastError.KERNEL32(00000000), ref: 68B31C00
                                                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 68B3633F
                                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(?), ref: 68B3637D
                                                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 68B36390
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 68B363D8
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 68B363F3
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 415426439-0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                    • String ID: -
                                                                                                                                                                                                                                                                                    • API String ID: 3839614884-2547889144
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C8B90C,?,?,?,68AAFF16,00000000,?,?,68AB1872,?,00000000,00000001,00000000), ref: 68AAFA3D
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68C8B90C,?,?,?,68AAFF16,00000000,?,?,68AB1872,?,00000000,00000001,00000000), ref: 68AAFB40
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: `CjL
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-2294715664
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68ABA350: _strlen.LIBCMT ref: 68ABA38A
                                                                                                                                                                                                                                                                                      • Part of subcall function 68AB1850: _strlen.LIBCMT ref: 68AB1861
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 68B72F3B
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B119A1: AcquireSRWLockExclusive.KERNEL32(68C85FE4,?,68C0C63C,?,68A9D29B,68C8ACA4), ref: 68B119AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B119A1: ReleaseSRWLockExclusive.KERNEL32(68C85FE4,?,68A9D29B,68C8ACA4), ref: 68B119E6
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 68B7314B
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 68B73174
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • FieldTrialParams-value, xrefs: 68B732EA
                                                                                                                                                                                                                                                                                    • . Falling back to default value of , xrefs: 68B73189
                                                                                                                                                                                                                                                                                    • LogInvalidValue, xrefs: 68B731D2
                                                                                                                                                                                                                                                                                    • into , xrefs: 68B73160
                                                                                                                                                                                                                                                                                    • Variations.FieldTriamParamsLogInvalidValue, xrefs: 68B72F15
                                                                                                                                                                                                                                                                                    • FieldTrialParams-default, xrefs: 68B7332A
                                                                                                                                                                                                                                                                                    • FieldTrialParams-param_name, xrefs: 68B732AA
                                                                                                                                                                                                                                                                                    • Failed to parse field trial param , xrefs: 68B730DF
                                                                                                                                                                                                                                                                                    • under feature , xrefs: 68B73138
                                                                                                                                                                                                                                                                                    • FieldTrialParams-feature_name, xrefs: 68B7326A
                                                                                                                                                                                                                                                                                    • ..\..\base\metrics\field_trial_params.cc, xrefs: 68B730CF, 68B731CD
                                                                                                                                                                                                                                                                                    • with string value , xrefs: 68B7310D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen$ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: into $ under feature $ with string value $. Falling back to default value of $..\..\base\metrics\field_trial_params.cc$Failed to parse field trial param $FieldTrialParams-default$FieldTrialParams-feature_name$FieldTrialParams-param_name$FieldTrialParams-value$LogInvalidValue$Variations.FieldTriamParamsLogInvalidValue
                                                                                                                                                                                                                                                                                    • API String ID: 3829107669-3727522020
                                                                                                                                                                                                                                                                                    • Opcode ID: d9d05944ba0c1d4a5820058ce7c7d20e955d22e7d6d0a5970a6dc8a813e5c6f7
                                                                                                                                                                                                                                                                                    • Instruction ID: b4625c8ea4a0b25755b2d5d214d4dfffc1dd55a5c69fd0bf1d384907afba895b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9d05944ba0c1d4a5820058ce7c7d20e955d22e7d6d0a5970a6dc8a813e5c6f7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1B1F5B9944380EFD720CF20D995B7F7B75EB46628FC44128EC691B291EB31E944C762
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 68A8B0F7
                                                                                                                                                                                                                                                                                    • QueryThreadCycleTime.KERNEL32(00000000,00000000), ref: 68A8B103
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 68A8B191
                                                                                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 68A8B194
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 68A8B19E
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000002), ref: 68A8B1A3
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 68A8B200
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 68A8B20B
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?), ref: 68A8B216
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 68A8B224
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 68A8B2F1
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • PERFETTO_CHECK(perf_counter_now >= perf_counter_initial), xrefs: 68A8B3A9
                                                                                                                                                                                                                                                                                    • ..\..\third_party\perfetto\src\base\time.cc, xrefs: 68A8B39A, 68A8B3D9
                                                                                                                                                                                                                                                                                    • PERFETTO_CHECK(tsc_now >= tsc_initial), xrefs: 68A8B3E8
                                                                                                                                                                                                                                                                                    • %s (errno: %d, %s), xrefs: 68A8B3AE, 68A8B3ED
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$CurrentQuery$PerformancePriority$Counter$CycleFrequencyTime
                                                                                                                                                                                                                                                                                    • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\base\time.cc$PERFETTO_CHECK(perf_counter_now >= perf_counter_initial)$PERFETTO_CHECK(tsc_now >= tsc_initial)
                                                                                                                                                                                                                                                                                    • API String ID: 649842374-3408761757
                                                                                                                                                                                                                                                                                    • Opcode ID: 1fd3a00facdd5a94aace39e50f6602d469352a067d2d7f373038f9e2c6410c08
                                                                                                                                                                                                                                                                                    • Instruction ID: f94c91f3798981cbb0b607eaf4b13022d79cfb7848f1e36bf559210161b2a811
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fd3a00facdd5a94aace39e50f6602d469352a067d2d7f373038f9e2c6410c08
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D81B0B5954A04DFCB01DF38C45991EBBB0FF97350F908B29E98A67250EB31E481CB52
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 68A42C1E
                                                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,00000000), ref: 68A42C2A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentWow64
                                                                                                                                                                                                                                                                                    • String ID: allo$c$comm$iswo$it$ize$size$va_s$w64
                                                                                                                                                                                                                                                                                    • API String ID: 1905925150-3570837082
                                                                                                                                                                                                                                                                                    • Opcode ID: 6899812d5760076a0a9336a99508d7bddf7bd318efd7b5a86d442f87f764caf5
                                                                                                                                                                                                                                                                                    • Instruction ID: b4675399b674d354a73fc4ac67c7e59f967ec239f16a6d3c21db0a32b6bc7e20
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6899812d5760076a0a9336a99508d7bddf7bd318efd7b5a86d442f87f764caf5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5316BB58083419FD710CF64D898B6FBBF8BF88318F54092DF9998B200D7B5E6448B92
APIs
  • Part of subcall function 68AD0890: GetLastError.KERNEL32(?,?,68A108F8,68A108B8,0000005E,?,?,00000000,?,C72674FF,?,68A73B75,..\..\third_party\crashpad\crashpad\util\file\file_io.cc,0000005E,00000002), ref: 68AD08AA
  • Part of subcall function 68AD0890: SetLastError.KERNEL32(00000000,?,68A108F8,68A108B8,0000005E,?,?,00000000,?,C72674FF,?,68A73B75,..\..\third_party\crashpad\crashpad\util\file\file_io.cc,0000005E,00000002), ref: 68AD08B5
• _strlen.LIBCMT ref: 68A10903
• GetLocalTime.KERNEL32(0000005E,?,?,?,?,68A108B8,0000005E,?,?,00000000,?,C72674FF,?,68A73B75,..\..\third_party\crashpad\crashpad\util\file\file_io.cc,0000005E), ref: 68A109DD
• _strlen.LIBCMT ref: 68A10AEF
• GetTickCount.KERNEL32 ref: 68A10C58
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_68890000_setup.jbxd
Similarity
• API ID: ErrorLast_strlen$CountLocalTickTime
• String ID: )] $:$:$UNKNOWN$VERBOSE
• API String ID: 4112389128-776901039
• Opcode ID: a9c11b8783a2b428059790592762069d18ddd9a2ab66c4fc7c888cd4ffd28338
• Instruction ID: 2f5fc80622a6700154c0a7fda39da6bee13f2efc44348951270638bfa02274dc
• Opcode Fuzzy Hash: a9c11b8783a2b428059790592762069d18ddd9a2ab66c4fc7c888cd4ffd28338
• Instruction Fuzzy Hash: 5FC106B8E04214AFDB04CF64D894BBE77B9EF56308F44801DEC56A7381EB359945CBA1
APIs
• type_info::operator==.LIBVCRUNTIME ref: 68B306AD
• CatchIt.LIBVCRUNTIME ref: 68B3080C
• _UnwindNestedFrames.LIBCMT ref: 68B3090D
• CallUnexpected.LIBVCRUNTIME ref: 68B30928
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_68890000_setup.jbxd
Similarity
• API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
• String ID: csm$csm$csm
• API String ID: 2332921423-393685449
• Opcode ID: ac9a8eff772321383e22d0993997cf06b3a50d5a05f4362c9836395296ec0307
• Instruction ID: 0516d4d86f77aaa2c961f33381e34f7b18a8ff04ed0283de1144ad1c6bd6f475
• Opcode Fuzzy Hash: ac9a8eff772321383e22d0993997cf06b3a50d5a05f4362c9836395296ec0307
• Instruction Fuzzy Hash: 72B147758042B9EFCF15CFA4C8809AEBBB5FF44314B90415AE8246B216D771DA52CF91
APIs
• TryAcquireSRWLockExclusive.KERNEL32(68C8B9F0,?,?,?,?,?,?,?,?,?,ABA17E2D,?,?,68AD2C9F), ref: 68B7586D
• ReleaseSRWLockExclusive.KERNEL32(68C8B9F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,ABA17E2D), ref: 68B758F5
• ReleaseSRWLockExclusive.KERNEL32(68C8B9F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,ABA17E2D), ref: 68B7591A
• _strlen.LIBCMT ref: 68B75934
  • Part of subcall function 68B119A1: AcquireSRWLockExclusive.KERNEL32(68C85FE4,?,68C0C63C,?,68A9D29B,68C8ACA4), ref: 68B119AC
  • Part of subcall function 68B119A1: ReleaseSRWLockExclusive.KERNEL32(68C85FE4,?,68A9D29B,68C8ACA4), ref: 68B119E6
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
• Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_68890000_setup.jbxd
Similarity
• API ID: ExclusiveLock$Release$Acquire$_strlen
• String ID: DumpWithoutCrashing-file$DumpWithoutCrashing-line$Stability.DumpWithoutCrashingStatus
• API String ID: 576647242-2526474133
• Opcode ID: 09252ef71b40dd44aaa58f10326cecb139a69d52dbfc3ecb55b266140e6dd368
• Instruction ID: da1eec7b7ef5cc31d9c745da8a195538e731ed50c4afe79093f94f75b19711d6
• Opcode Fuzzy Hash: 09252ef71b40dd44aaa58f10326cecb139a69d52dbfc3ecb55b266140e6dd368
• Instruction Fuzzy Hash: DF91A2B5944385DFD710CF24C884B6E7BB0FB86728F844629E8A957381EB31E945CB52
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,?,?,000000FF,00000000), ref: 68A77539
                                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,?,?,000000FF,00000000), ref: 68A77553
                                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,?,?,000000FF,00000008), ref: 68A7756A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject crash dump requested, xrefs: 68A775BE
                                                                                                                                                                                                                                                                                    • ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 68A775AC, 68A775F9, 68A77646
                                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject process end, xrefs: 68A77658
                                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject non-crash dump requested, xrefs: 68A7760B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4168534956.0000000068890000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169433079.0000000068C82000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169478345.0000000068C83000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169533840.0000000068C84000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169610963.0000000068C98000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169718592.0000000068C9E000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169792601.0000000068CA1000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.4169859624.0000000068CA2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectRegisterSingleWait
                                                                                                                                                                                                                                                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end
                                                                                                                                                                                                                                                                                    • API String ID: 1092942010-2013388152
                                                                                                                                                                                                                                                                                    • Opcode ID: b54c61875655be9a3454303537adbfa34d4e5393f966b78fa5dd3718972e0aa4
                                                                                                                                                                                                                                                                                    • Instruction ID: 0f98d149c732658b8b01d0d1db203d2c91b1abe62ef5b173f8f7011015e872bb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b54c61875655be9a3454303537adbfa34d4e5393f966b78fa5dd3718972e0aa4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1312D397403186BEF208B509D45F7E7739EF42758FC00035BE556B1C1EB71A984C661
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f492ebc2efcad86b8d6e0f7bd2feb2b284066b83d153a20c6e5141718fdeff8b
                                                                                                                                                                                                                                                                                    • Instruction ID: 6f16daeb84872e699525ed418b397337aca681fedb1a0d584b97a2ab8264b30c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f492ebc2efcad86b8d6e0f7bd2feb2b284066b83d153a20c6e5141718fdeff8b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5EB15732A042F5DFDB128F68CC81BAF7BB5EF6A310F944155E914AB281D376D901CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 68B735B3
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 68B7364F
                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 68B7368F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$CreateCurrentDirectoryModuleName
                                                                                                                                                                                                                                                                                    • String ID: Check failed: false. $debug.log
                                                                                                                                                                                                                                                                                    • API String ID: 3818821825-883309970
                                                                                                                                                                                                                                                                                    • Opcode ID: a4904d69e12f96ff20710d4f9cd286cba9b9aaa7edd2bb2ee5f6fdfbe59d621c
                                                                                                                                                                                                                                                                                    • Instruction ID: f1623104e9a990d485cbb84c635d00dc16041184c04646f3080d0a42d50ac970
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4904d69e12f96ff20710d4f9cd286cba9b9aaa7edd2bb2ee5f6fdfbe59d621c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A5117B0A447549BDB20DF24C849B6EBFF0EF86708FC04518E9699B291EB70D945C791
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 6898143F
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 68981494
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                                                                                                                                                                                                                                                                    • String ID: %*s:%s$%s%s %s$[%03u.%03u] $[printf format error]
                                                                                                                                                                                                                                                                                    • API String ID: 2172594012-3351823563
APIs
• TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 68A32DD6
• ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 68A32ED0
Strings
• handle_to_name_iter != thread_handle_to_interned_name_.end(), xrefs: 68A32F35
• id_to_handle_iter != thread_id_to_handle_.end(), xrefs: 68A32F75
• ..\..\base\threading\thread_id_name_manager.cc, xrefs: 68A32F19, 68A32F59
• RemoveName, xrefs: 68A32F1E, 68A32F5E
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
Similarity
• API ID: ExclusiveLock$AcquireRelease
• String ID: ..\..\base\threading\thread_id_name_manager.cc$RemoveName$handle_to_name_iter != thread_handle_to_interned_name_.end()$id_to_handle_iter != thread_id_to_handle_.end()
• API String ID: 17069307-1713423127
APIs
• GetCurrentThread.KERNEL32 ref: 689815FB
• LocalFree.KERNEL32(?), ref: 689816C0
• GetModuleHandleA.KERNEL32(Kernel32.dll), ref: 689816FE
• GetProcAddress.KERNEL32(00000000,GetThreadDescription), ref: 6898170A
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
Similarity
• API ID: AddressCurrentFreeHandleLocalModuleProcThread
• String ID: GetThreadDescription$Kernel32.dll
• API String ID: 4205643583-415897907
APIs
• _ValidateLocalCookies.LIBCMT ref: 68B13BE7
• ___except_validate_context_record.LIBVCRUNTIME ref: 68B13BEF
• _ValidateLocalCookies.LIBCMT ref: 68B13C78
• __IsNonwritableInCurrentImage.LIBCMT ref: 68B13CA3
• _ValidateLocalCookies.LIBCMT ref: 68B13CF8
Strings
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
• GetCurrentThread.KERNEL32 ref: 689FC39A
• SetThreadPriority.KERNEL32(00000000,00020000,?,689FC600,?,?), ref: 689FC3B5
• SetThreadPriority.KERNEL32(00000000,7FFFFFFF,?,689FC600,?,?), ref: 689FC3D0
• GetCurrentThread.KERNEL32 ref: 689FC413
• SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C,?,689FC600,?,?), ref: 689FC41F
• SetThreadPriority.KERNEL32(00000000,000000FE,?,689FC600,?,?), ref: 689FC48F
• SetThreadInformation.KERNEL32(00000000,00000000,?,00000004,?,689FC600,?,?), ref: 689FC4A9
Memory Dump Source
• Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$Priority$CurrentInformation
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3180331770-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0d79fed3989f1c49a707ecfc27b0ed8bedc597f695bd6305bd440ae9d6e2373f
                                                                                                                                                                                                                                                                                    • Instruction ID: 79ce968abd174602d42422358d73361d40a92843973e490e506af7d1a9d36c03
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d79fed3989f1c49a707ecfc27b0ed8bedc597f695bd6305bd440ae9d6e2373f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D53105716482309BDB185F648848BAE3BB8EB4B39CF908539FE65A7381C7B0D402D790
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,68B3284D,?,?,00000000,?,68B65CA1,?,68B3242F,00000022,FlsSetValue,68BFFDEC,FlsSetValue,?), ref: 68B327FF
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                    • Opcode ID: c25970db00c8b951b5eaad9f28afdbe7b9c88710a2832d431a0b007b63b9fe81
                                                                                                                                                                                                                                                                                    • Instruction ID: 18d1da7e686a33877a8a2f3545804eefaef01347c42435b1576eb1d9e73854d8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c25970db00c8b951b5eaad9f28afdbe7b9c88710a2832d431a0b007b63b9fe81
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8621D5759425B0EBDB119F348C48A5E3B79FB4A762F514121ED25A7380DB34ED01CAE0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea$Info
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 541289543-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1d0f8c21a49040906019926dee12873b613b62b0468ba616ee1f81776ed0040d
                                                                                                                                                                                                                                                                                    • Instruction ID: cc4568f5c3ae6df3f1be18dd1d7c46e0d741d4e7b4ed9b5e406773e821123b9c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d0f8c21a49040906019926dee12873b613b62b0468ba616ee1f81776ed0040d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D47119B29806BA6BDF118E54CC40FAF77B6DF4A314FD40019E924E7280E736D905C7A2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,68B2FCD8,68B13D14,00000011), ref: 68B2FCEF
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 68B2FCFD
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 68B2FD16
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 68B2FD68
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                    • Opcode ID: dd283795f87566138b027f0e643bba25f60f17e7d1a66d29e974ed22c92bd685
                                                                                                                                                                                                                                                                                    • Instruction ID: 49ac9c6f4f8cff2be109b9ceb3450074c57231f8657508a6da2279e6a270f869
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd283795f87566138b027f0e643bba25f60f17e7d1a66d29e974ed22c92bd685
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2014C7610E275EEE73009B46CAC53E3AB4EB473BDFA0032AF47C842E1EF9188418550
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: FeatureList-early-access-allow-list$FeatureList-feature-accessed-too-early$false$true
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-1298438743
                                                                                                                                                                                                                                                                                    • Opcode ID: 0042e202fc8cc6a24af0b498453fd9d5c2b939830f8feca8a31b9b2fb460be06
                                                                                                                                                                                                                                                                                    • Instruction ID: f2a3842d8e8ca4582edf9cc235eb8bae2961c55a3b3580a393409e85592ab4b2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0042e202fc8cc6a24af0b498453fd9d5c2b939830f8feca8a31b9b2fb460be06
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C3124B5D40248CFCB10CF65D846ABE7B70EB46358FC5012AE8291B380E731A845CBA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,8A1B0277,?,?,00000000,68BFB440,000000FF,?,68B20D1F,?,?,68B20DBB,?,?), ref: 68B20C93
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CorExitProcess), ref: 68B20CA5
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00000000,68BFB440,000000FF,?,68B20D1F,?,?,68B20DBB,?,?,?,?,8A1B0277), ref: 68B20CC7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                    • Opcode ID: 6a6f390b7c64df14c1351166e3a34eeb4765e00a3c316a709792559e65a33c6d
                                                                                                                                                                                                                                                                                    • Instruction ID: b160fdcfb0035178a1d658e5ab78cbd46c231bc7a39665d13e51dcdf917282cb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a6f390b7c64df14c1351166e3a34eeb4765e00a3c316a709792559e65a33c6d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C01AD71951669EFDB018F50CC18FBEBBB9FB05B15F404625EC21A2280DB34D804CB80
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-000000C0,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5BC07
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 68A5BE68
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 68A5BEBA
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 68A5BED3
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-00000140,?,?,?,?,00000000,?,68A5B834,?,?), ref: 68A5BF91
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1a6fd8640d048e9da4ed7ba1223f0513c306abd406622ed3535456d1986979cf
                                                                                                                                                                                                                                                                                    • Instruction ID: 55307034e8545410a23be6fd29a3d4426bdcdb5b87ea86d33c42c476abe0a285
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a6fd8640d048e9da4ed7ba1223f0513c306abd406622ed3535456d1986979cf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DB1B070A007059FDB14CF64DC847EEB7F5BF88305F580528E966AB381EB74A992CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(?,68A4A300,?,00000000,?,?,68AD74E6,68C9A83C,68A706D0,?,?,68ABE30C,00000001), ref: 68AD6DCE
                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(68C9A800,68A4A300,?,00000000), ref: 68AD6E1A
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 68AD6E2F
                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 68AD6E3D
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 68AD6E46
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Once$ErrorExecuteInitLast$Value
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4287946392-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0f7b0025adbc14c475d140ad8206220411d3e0af330963b3cc04661bb3f0bfda
                                                                                                                                                                                                                                                                                    • Instruction ID: 06bee93b15e84d27899cf16bf1c86526a85746cb0f4d814628945b0a860c0f0e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f7b0025adbc14c475d140ad8206220411d3e0af330963b3cc04661bb3f0bfda
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD21A275A40218AFDF049FA5DC08BAE7BB9EB45618F940425EE19E7300EF31E940C6A1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68AD0890: GetLastError.KERNEL32(?,?,68A108F8,68A108B8,0000005E,?,?,00000000,?,C72674FF,?,68A73B75,..\..\third_party\crashpad\crashpad\util\file\file_io.cc,0000005E,00000002), ref: 68AD08AA
                                                                                                                                                                                                                                                                                      • Part of subcall function 68AD0890: SetLastError.KERNEL32(00000000,?,68A108F8,68A108B8,0000005E,?,?,00000000,?,C72674FF,?,68A73B75,..\..\third_party\crashpad\crashpad\util\file\file_io.cc,0000005E,00000002), ref: 68AD08B5
                                                                                                                                                                                                                                                                                    • OutputDebugStringA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,C72674FF), ref: 68A110D1
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,FFFFFFFF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 68A111F6
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B119A1: AcquireSRWLockExclusive.KERNEL32(68C85FE4,?,68C0C63C,?,68A9D29B,68C8ACA4), ref: 68B119AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B119A1: ReleaseSRWLockExclusive.KERNEL32(68C85FE4,?,68A9D29B,68C8ACA4), ref: 68B119E6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExclusiveLastLock$AcquireDebugFileOutputReleaseStringWrite
                                                                                                                                                                                                                                                                                    • String ID: LOG_FATAL$W
                                                                                                                                                                                                                                                                                    • API String ID: 11340718-2652010433
                                                                                                                                                                                                                                                                                    • Opcode ID: d3b39ff1ce23b9ed1808fba2157acaf8e28391b365ef2b7f9a9cec2b30cd2f5a
                                                                                                                                                                                                                                                                                    • Instruction ID: 3d94d72e3108a067f7f5e03473f894d36debb137bf055386f484e04752da64fe
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3b39ff1ce23b9ed1808fba2157acaf8e28391b365ef2b7f9a9cec2b30cd2f5a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7EF1DF75E08254CFDB10CFA4C880BBEBBB5FF55714F884029DC99AB240E775A986CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                    • API String ID: 240046367-3206640213
                                                                                                                                                                                                                                                                                    • Opcode ID: 92d2662ce2336755f3e8c4da92462a2a84f3119f8aff99304437ba014804fac5
                                                                                                                                                                                                                                                                                    • Instruction ID: 1227260a239c6f1c194774c0ef7bd12760a7cf6af717eb07466458639dc3d433
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92d2662ce2336755f3e8c4da92462a2a84f3119f8aff99304437ba014804fac5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FC1EC399042B6DBDB108F68C894BBAB7B1FF4B700FC04049E935AB250DB35D959CBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 68A43FD7
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 68A4410B
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A446D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 68A446EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3095674784
                                                                                                                                                                                                                                                                                    • Opcode ID: ef1c8c49d72cf6c27b49258933da300b3a58857909c03a9065c8b219830d7fd1
                                                                                                                                                                                                                                                                                    • Instruction ID: 50ad46eba61746f32d35265fb567e51688355a97f99d51e48c71d9d7a5bd9b35
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef1c8c49d72cf6c27b49258933da300b3a58857909c03a9065c8b219830d7fd1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2510074605701DFC710CF28C880A6AF7E1FFC8324F64862DE9998B295D735E892CB82
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,0000007E,?,?,68A43F38,?,00000000,?,00000000,?,68A43B4D,FFFFFF79,00000000), ref: 68A44496
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,00000001,?,?,00000000,0000007E,?,?,68A43F38,?,00000000,?,00000000,?,68A43B4D,FFFFFF79), ref: 68A444B7
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A446D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 68A446EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3095674784
                                                                                                                                                                                                                                                                                    • Opcode ID: a5639b2f0d916ae3b9ec6683834c7bccfd828cac4965e6a7dd67d87f56938bb1
                                                                                                                                                                                                                                                                                    • Instruction ID: d050a2dd36a7fa4cd0330cefc13110299a8c4859ae2893a374f910c472e7246b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5639b2f0d916ae3b9ec6683834c7bccfd828cac4965e6a7dd67d87f56938bb1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36413C31A067419FDB10CF29D844759B7A2AFC9324F648238F9699B284EB71D882C781
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,68B308B9,?,?,00000000,00000000,00000000,?), ref: 68B309D8
                                                                                                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 68B30ABE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CatchEncodePointer
                                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                    • API String ID: 1435073870-2084237596
                                                                                                                                                                                                                                                                                    • Opcode ID: 852ab023f929d55620fe964d09c2b5815db0f51c77cdd2d223338e3599a29a75
                                                                                                                                                                                                                                                                                    • Instruction ID: aae217306614ff3ce7dba148961aa3ecd511727c7e4e3f73eb16e5eb6d9144cd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 852ab023f929d55620fe964d09c2b5815db0f51c77cdd2d223338e3599a29a75
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 544158729002ADEFCF05CF94DD80AAEBBB5FF48304F558199F918A6220D3359952DB51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(-00000300,?,?,00000000,?,00000000,?,68A43B4D,FFFFFF79,00000000,?,?,68A430A3,?,?), ref: 68A6FD3E
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A446D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 68A446EC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AcquireExclusiveLock
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4021432409-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3bde1bf6ff1b10d0ab95eb4908698336eec25a61fefed345ba2fb78aa568c789
                                                                                                                                                                                                                                                                                    • Instruction ID: 7e212ea4f8b4f241d2ce4cb30e81aafac8c8b52a78f5b8d21d25017462835fef
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3bde1bf6ff1b10d0ab95eb4908698336eec25a61fefed345ba2fb78aa568c789
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62D1A075A00615CFDB14CF68C8847A9B7F2FF89328F584169DC299B355DB76E882CB80
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(8A1B0277,00000000,00000000,?), ref: 68B2A715
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B37F9A: WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,?,?,-00000008,-00000008,00000000,?,68B31AC4,?,00000000,-00000008), ref: 68B37FFB
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 68B2A967
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 68B2A9AD
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 68B2AA50
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 746e48fa814a3780cba27b6b6e07821af4923dc208075934511acef86353ebc7
                                                                                                                                                                                                                                                                                    • Instruction ID: 4342977d1bd603054cbc7756b1d790f35df0a8e6e39984ef0f059f69bb170b1f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 746e48fa814a3780cba27b6b6e07821af4923dc208075934511acef86353ebc7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8ED188B5D00298DFCB05CFA8C990AADBBB4FF0A314F54516AE529BB351E730A942CF50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 68555f2ea37e26bc03257d9a4ea605570b0191adc48f288af6c84ca1de17d76a
                                                                                                                                                                                                                                                                                    • Instruction ID: d58871b555887231c29183f56a818803cd08a7ea6621460a6c8c68658a239ecc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68555f2ea37e26bc03257d9a4ea605570b0191adc48f288af6c84ca1de17d76a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 605113B66886B6EFEB158F16C880B7E77B4EF08714F90412DEC655B190E731E882C790
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: be0788fcd28f30aceb72c9f21c7e514f12e5e20177f0bbba70e93ddba9ee99ab
                                                                                                                                                                                                                                                                                    • Instruction ID: 723ccafcd404cdbf02d8b4e1e7d44c7abce53ecda24f7f9e8248a057d0c735c9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be0788fcd28f30aceb72c9f21c7e514f12e5e20177f0bbba70e93ddba9ee99ab
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99219275604295EFCB009F69CC6497FBBB9EF053687808925E82C87150EBB0ED4087AC
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000001,?,68A5D124,00000001,00000001,?,00000000), ref: 68AC6A1E
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000001,?,68A5D124,00000001,00000001,?,00000000,?,?,?,68A5BDF4,?,00000000,00000003), ref: 68AC6A2C
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 68AC6A4C
                                                                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,00000001,?,68A5D124,00000001,00000001,?,00000000,?,?,?,68A5BDF4,?), ref: 68AC6A95
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorEventLast$CreateReset
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 77579966-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9da0f75c385a6c4b7a46f36704e93dfb99ba9f2e25f8dfed568dfc160c226834
                                                                                                                                                                                                                                                                                    • Instruction ID: 4e8a1e053e102f7cecb2126175e527088149f7809159799598c76ae0e1f038ff
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9da0f75c385a6c4b7a46f36704e93dfb99ba9f2e25f8dfed568dfc160c226834
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A11AD71505214EFD7109F79C888B2BBBB9EB55254F64883DEA96C3300EB32E881C762
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • CloseHandle, xrefs: 68A55959
                                                                                                                                                                                                                                                                                    • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 68A55937
                                                                                                                                                                                                                                                                                    • Free, xrefs: 68A5593C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-1704384866
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,68B3A3A2,?,00000001,?,?,?,68B2AAA4,?,00000000,00000000), ref: 68B40645
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68B3A3A2,?,00000001,?,?,?,68B2AAA4,?,00000000,00000000,?,?,?,68B2A3EA,?), ref: 68B40651
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B406B0: CloseHandle.KERNEL32(FFFFFFFE,68B40661,?,68B3A3A2,?,00000001,?,?,?,68B2AAA4,?,00000000,00000000,?,?), ref: 68B406C0
                                                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 68B40661
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B40683: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,68B4061F,68B3A38F,?,?,68B2AAA4,?,00000000,00000000,?), ref: 68B40696
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,68B3A3A2,?,00000001,?,?,?,68B2AAA4,?,00000000,00000000,?), ref: 68B40676
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B31B5A: GetLastError.KERNEL32(00000000,?,68B2E24D), ref: 68B31B5E
                                                                                                                                                                                                                                                                                      • Part of subcall function 68B31B5A: SetLastError.KERNEL32(00000000), ref: 68B31C00
                                                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,68B2193C,?,?,?,?,?,-00000050,?,?,?), ref: 68B359E6
                                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,68B2193C,?,?,?,?,?,-00000050,?,?), ref: 68B35A1D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                                                    • String ID: utf8
                                                                                                                                                                                                                                                                                    • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,?,?,bitset set argument out of range,?,00000000,?,68A5C0F6,?,00000000,?,?,?,?,00000000), ref: 68A5AB60
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,bitset set argument out of range,?,00000000,?,68A5C0F6,?,00000000,?,?,?,?,00000000,-00000140,?), ref: 68A5ABF0
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A446D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 68A446EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • bitset reset argument out of range, xrefs: 68A5ABFC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: bitset reset argument out of range
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-1934458321
                                                                                                                                                                                                                                                                                    • Opcode ID: bff3a7eba7a894db07afcff21dab549faaaace2b673f7770991401abfaeb1fbe
                                                                                                                                                                                                                                                                                    • Instruction ID: 34d781a028effbbfc1c00c26fbbdd0552a0c63f4fb16f2678b9126a087a27a9d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bff3a7eba7a894db07afcff21dab549faaaace2b673f7770991401abfaeb1fbe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D2167327051049BCB044E28E8057AE33A7EBC3361F9A4129EC26E7691DB30DCD2C3A1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 68B30495
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                                                    • Opcode ID: ad15827609e6b15fda717acd680dca94a9b2d13a7f432511d9e50a3a6ea4d519
                                                                                                                                                                                                                                                                                    • Instruction ID: f34ae9d97dabbd73b8454a3de903536d2c1583eced59d4a421445e1859b13b48
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad15827609e6b15fda717acd680dca94a9b2d13a7f432511d9e50a3a6ea4d519
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9931E7766052B9EFCF128F90CC8096E3B76FF09315B95865AFC6459111C332E963DB81
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C8B90C,?), ref: 68AAF8F6
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68C8B90C,?), ref: 68AAF923
                                                                                                                                                                                                                                                                                      • Part of subcall function 68AA14E0: AcquireSRWLockExclusive.KERNEL32(68C8B9CC,?,68B754E2,?,68ABA33F,?,?,?,00000003,00000000,?,?,68B76704,68C84B20,68A77501), ref: 68AA14E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: `CjL
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-2294715664
                                                                                                                                                                                                                                                                                    • Opcode ID: cd9c8f82ab5a14da9761f59aec7bd0a45338ae21fb8ab19d0f222b658413b862
                                                                                                                                                                                                                                                                                    • Instruction ID: bc6f456847d44a5ba35a79335acd2e0e7a0c9899db211b3108201c8c41ccb26e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd9c8f82ab5a14da9761f59aec7bd0a45338ae21fb8ab19d0f222b658413b862
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17212BF5B80508A79E085E198C80B3E3F799A9355C7C5001DDC6A77602EB63ACC28752
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?,68A5C0F6,?,00000000,?,?,?,?,00000000,-00000140,?,00000000), ref: 68A5AAA0
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,?,68A5C0F6,?,00000000,?,?,?,?,00000000,-00000140,?,00000000), ref: 68A5AB30
                                                                                                                                                                                                                                                                                      • Part of subcall function 68A446D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 68A446EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • bitset set argument out of range, xrefs: 68A5AB3C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: bitset set argument out of range
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3990704234
                                                                                                                                                                                                                                                                                    • Opcode ID: 7ad7f69401b38ed0fa401cae08ef3d9572566bffe13a6bab89024d28a70710f8
                                                                                                                                                                                                                                                                                    • Instruction ID: 2832483eee1ced1e9c82607ee2f7f0d6921245f44c6cda050e1a376cc3227814
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ad7f69401b38ed0fa401cae08ef3d9572566bffe13a6bab89024d28a70710f8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6411E53220141897C7081E10D4097EE3627DBC2355FD5412AED27A7751DBB0ECE2C3A1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,68B70A2E,?,00000001), ref: 68B70E00
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,68B70A2E,?,00000001), ref: 68B70E1C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: `CjL
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-2294715664
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68C8B90C,00000000,?,?,?,?,?,68AB1872,?,00000000,00000001,00000000), ref: 68AAFC62
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68C8B90C,?,?,?,?,?,68AB1872,?,00000000,00000001,00000000), ref: 68AAFC7F
                                                                                                                                                                                                                                                                                      • Part of subcall function 68AA14E0: AcquireSRWLockExclusive.KERNEL32(68C8B9CC,?,68B754E2,?,68ABA33F,?,?,?,00000003,00000000,?,?,68B76704,68C84B20,68A77501), ref: 68AA14E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: `CjL
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-2294715664
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 68B49B70
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                                    • String ID: Bad variant access$bad_variant_access.cc
                                                                                                                                                                                                                                                                                    • API String ID: 4194217158-4004146108
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,68AA01AE,?,00000000,68B735CC,?,68A97EF8,?,?,00000000,?,00000001,?,68B735CC,?), ref: 68AC69B4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 68AC69C0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                    • String ID: GetHandleVerifier
                                                                                                                                                                                                                                                                                    • API String ID: 1646373207-1090674830
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 68A34FAE
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 68A34FBA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.4168634650.0000000068891000.00000020.00000001.01000000.0000000A.sdmp, Offset: 68890000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_68890000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                    • String ID: GetHandleVerifier
                                                                                                                                                                                                                                                                                    • API String ID: 1646373207-1090674830

                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                    Execution Coverage:2.8%
                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                                                    Total number of Nodes:271
                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:12

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 683F60AA
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 683F615F
                                                                                                                                                                                                                                                                                      • Part of subcall function 68403F90: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 68403FD7
                                                                                                                                                                                                                                                                                      • Part of subcall function 68403F90: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 6840410B
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 683F61B3
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,?,00000000), ref: 683F6288
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 683F6444
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID: 0Tbh$MBP+$first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-2948675086
                                                                                                                                                                                                                                                                                    • Opcode ID: d36438f40758aac84fc4d0cc914423dcb03920595e0403fda7b2275e03c0e04b
                                                                                                                                                                                                                                                                                    • Instruction ID: 2857fcb0c381b2611818cef7dbeb6f616c7ebbcbe1c5183db4494e1b9534c67b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d36438f40758aac84fc4d0cc914423dcb03920595e0403fda7b2275e03c0e04b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2F1E275A087119FCB04CF28C894B6AB7E1FFC8318F54866DE9995B291E731E846CBC1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: F0@h$first$second$slotsize$spansize
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-25170536
                                                                                                                                                                                                                                                                                    • Opcode ID: b24641f9ec205d75ee5f4b565c1c0e8c62307a18ba07b43cc5edc1a51c1ec235
                                                                                                                                                                                                                                                                                    • Instruction ID: b19e058798fbfe7a06cdf284d224f22da5d5de72ad9f0e795fd605e64f10224a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b24641f9ec205d75ee5f4b565c1c0e8c62307a18ba07b43cc5edc1a51c1ec235
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1C1E671F04A144FEB0AC93AC85535AB2E7AFE5380F14C737E81AF3285DB789C5A4A45

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 68402E2F
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32 ref: 68402E48
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?), ref: 684030C5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 62ef13e0c2d38aa736ed82234b9dd677b5643a8e9bc3cfd427cac50e5763b388
                                                                                                                                                                                                                                                                                    • Instruction ID: a53a3e237060f5db635b2513b9b8ad90164d4158ff6f240b61beae074d2dc97a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62ef13e0c2d38aa736ed82234b9dd677b5643a8e9bc3cfd427cac50e5763b388
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9B10A70908B859AD701DF38C8447DAFFE0BF5A348F54876DE4994A282EB75A2D8C7C1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4168288129-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 351b2f9d749c73d9bec0fc3273ad9189e6300ce0015221c08940b6aefd3d2e26
                                                                                                                                                                                                                                                                                    • Instruction ID: 9e30292b369e399eab8a42adbeba4bbf693d0e43166796ca63f77e710a7609cf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 351b2f9d749c73d9bec0fc3273ad9189e6300ce0015221c08940b6aefd3d2e26
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80A1EC31B15A1A8FC705CE69C48066EF3B2AF95310795C679D416EB344E772D883CBD1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,00002000,00000000,00000000,00000000,?,6841CECE,00000000,00000000,00002000,00000001,?), ref: 6841C977
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841C991
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841C9AF
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841C9BB
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841C9CD
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841C9E7
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841C9F3
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841C9FD
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CA17
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CA23
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CA2D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CA4B
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CA57
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CA65
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CA83
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CA8F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CA9D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CABB
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CAC7
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CAD5
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CAF3
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CAFF
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CB0D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CB2B
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CB37
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CB45
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CB63
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,?,?,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69), ref: 6841CB6F
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000,?,?,?), ref: 6841CB7D
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,6841CECE,00000000,00000000,00002000,00000001,?,?,00000000,?,6841CCA8,6841CE69,00000000), ref: 6841CB9B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocErrorLastSleepVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2288223010-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 114a849e1df1c46c737744d019483ac82b86c8b3ce01cd4e958fa6bd76320a2b
                                                                                                                                                                                                                                                                                    • Instruction ID: b664a7b2c0d5d0d3e4d1d6b7ea416d8817c77a1a5d5dd848aae960708e050b79
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 114a849e1df1c46c737744d019483ac82b86c8b3ce01cd4e958fa6bd76320a2b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90517C72619945EFEF311B66CC4EF6F3B2DFB46399F544428F29581051CB70C681CA62

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 683BC4F6
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 683BC4FA
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 683BC502
                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,00000000,00000000,00000002,00000000,00000000,00000002), ref: 683BC511
                                                                                                                                                                                                                                                                                      • Part of subcall function 683F56D0: TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,?,683BC52D,00000000), ref: 683F56F0
                                                                                                                                                                                                                                                                                      • Part of subcall function 683F56D0: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,683BC52D,00000000), ref: 683F5719
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 683BC53F
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 683BC556
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 683BC563
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 683BC5C8
                                                                                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 683BC5CF
                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 683BC61F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Current$Thread$ErrorExclusiveLastLockProcess$AcquireDuplicateHandlePriorityRelease
                                                                                                                                                                                                                                                                                    • String ID: MBP+$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 25613288-3683453890
                                                                                                                                                                                                                                                                                    • Opcode ID: f2a74b1b3b1c1956d3a9c4722ee1b972585495d93939fa6b8d73824429c3bf5b
                                                                                                                                                                                                                                                                                    • Instruction ID: b6028a067df87622cab8ede88479f7e9f6d246c3620aac24eeb22bad1f2eab3c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2a74b1b3b1c1956d3a9c4722ee1b972585495d93939fa6b8d73824429c3bf5b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2141D6B9E002049BCB30ABB5CC48D7F7B6AAF95328B904539E95697341EF35DD0287E1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,6843FF47,?,00000008), ref: 68444DA4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 68444DB4
                                                                                                                                                                                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,?,7FFFFFFF,00000000), ref: 68444E13
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressCreateLibraryLoadProcSemaphore
                                                                                                                                                                                                                                                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\synchronization\semaphore_win.cc$CreateSemaphore$MBP+$ProcessPrng$Semaphore$`%Mh$bcryptprimitives.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4071630139-1249009652
                                                                                                                                                                                                                                                                                    • Opcode ID: e58e1dda59e1df6255fcb808107353ea56d7b9dce7a49ab8e5deadaad91bee8d
                                                                                                                                                                                                                                                                                    • Instruction ID: fd554f21037804bf568aef5f401e3cecff638089220a4592db1ce3a35c9c1c1c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e58e1dda59e1df6255fcb808107353ea56d7b9dce7a49ab8e5deadaad91bee8d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45213575B001196BAB289F26AC18D7F37ADDB862917C0042DF919E7380EF309D0187A1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 683BC39A
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00020000,?,683BC600,?,?), ref: 683BC3B5
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,7FFFFFFF,?,683BC600,?,?), ref: 683BC3D0
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 683BC413
                                                                                                                                                                                                                                                                                    • SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C,?,683BC600,?,?), ref: 683BC41F
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,000000FE,?,683BC600,?,?), ref: 683BC48F
                                                                                                                                                                                                                                                                                    • SetThreadInformation.KERNEL32(00000000,00000000,?,00000004,?,683BC600,?,?), ref: 683BC4A9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$Priority$CurrentInformation
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 3180331770-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 74bed5fe54e35b78c0d53f73799f12a90dc8952e97a6455e6fbcc6cdc750f398
                                                                                                                                                                                                                                                                                    • Instruction ID: f74460427eb6a853422038646f233463cac524b71ce7136b49ccf391ad8ac1a1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74bed5fe54e35b78c0d53f73799f12a90dc8952e97a6455e6fbcc6cdc750f398
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA3158B16083009FCF315F799848BAE3B78EB5B364FC0451AFDAA97680CB7948029660

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 685335B3
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6853364F
                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 6853368F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$CreateCurrentDirectoryModuleName
                                                                                                                                                                                                                                                                                    • String ID: Check failed: false. $MBP+$debug.log
                                                                                                                                                                                                                                                                                    • API String ID: 3818821825-1672072062
                                                                                                                                                                                                                                                                                    • Opcode ID: 7beebc0b67f32a5da1105c463ac8dae9b1faa187c87a40940a0b6b807d7b56f8
                                                                                                                                                                                                                                                                                    • Instruction ID: 9c5192e60b72fea04a1b17320c61ddfb3f337bb52db8eb92dd580575b16d292a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7beebc0b67f32a5da1105c463ac8dae9b1faa187c87a40940a0b6b807d7b56f8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA513970A007249FDB20EF65EC49BAEBBF0AF82709F80851CE95597291EB709548C7D1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68490890: GetLastError.KERNEL32(00000000,?,683D08F8,?,?,?,0000000C,?,00000000,?,?,685366B5,?,?,?,?), ref: 684908AA
                                                                                                                                                                                                                                                                                      • Part of subcall function 68490890: SetLastError.KERNEL32(00000000,?,683D08F8,?,?,?,0000000C,?,00000000,?,?,685366B5,?,?,?,?), ref: 684908B5
                                                                                                                                                                                                                                                                                    • OutputDebugStringA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,68492A93), ref: 683D10D1
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,FFFFFFFF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 683D11F6
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D19A1: AcquireSRWLockExclusive.KERNEL32(68645FE4,?,?,?,6845D29B,6864ACA4), ref: 684D19AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D19A1: ReleaseSRWLockExclusive.KERNEL32(68645FE4,?,6845D29B,6864ACA4), ref: 684D19E6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExclusiveLastLock$AcquireDebugFileOutputReleaseStringWrite
                                                                                                                                                                                                                                                                                    • String ID: LOG_FATAL$MBP+$W$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 11340718-2082663240
                                                                                                                                                                                                                                                                                    • Opcode ID: a47b9723402973d6a56e558ef5b998b0232c3d1fef34b95eec75cd40e86598d2
                                                                                                                                                                                                                                                                                    • Instruction ID: 911d37500629d474eacfaafc23b1312bff9021cec00425404f8500415adffb3b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a47b9723402973d6a56e558ef5b998b0232c3d1fef34b95eec75cd40e86598d2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79F10E76E04254CFDF10DFA4D894AAEFBF9BF45708F94402AE815AB240E771A806CB91

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,6841AA7E,00000000,?,?,6841C16E,00000002,00000000,?,?,?,?,00000000), ref: 6841CBBD
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2d1af68fe8cfae099790f096c8baa880184ce870a3f15e09fd25c62952368ad0
                                                                                                                                                                                                                                                                                    • Instruction ID: e4fa3502bbd7a47908d45867cc99006539bb4413c484780c2d483c9869454b76
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d1af68fe8cfae099790f096c8baa880184ce870a3f15e09fd25c62952368ad0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4551E770B492059BFB280929CC29F3B3A5ADB82745F804439F759DB3C0EA79DD0247D5

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841CEE5
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6865C2D8,?,?,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841CEFC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841CF27
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6865C2D8,?,?,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841CF55
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6841CFAC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00003000,00000040,00004000), ref: 6841D046
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorExclusiveFreeLastLockVirtual$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1130761037-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3fa252098e069866d6afe22866f4df7645f4dc8bedc7a502308a0b21b88112cc
                                                                                                                                                                                                                                                                                    • Instruction ID: 57ea124ffa986230b89987d4bbf9a1cb2e04a1194e663398dc59d4f773ac4f01
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fa252098e069866d6afe22866f4df7645f4dc8bedc7a502308a0b21b88112cc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9931E871749201ABFB184A59CC29F3F361AEB82345F804439F3559B3C1EA79DD4287D5

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841CCCC
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841CD14
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6841B834), ref: 6841CD9C
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,00000000,?,6841B834,?), ref: 6841CDEC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4230811426-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 88120149e0e4dc9a836cc070e32625a04ca7ad90f43cab403f8d4d4c2feaf8a9
                                                                                                                                                                                                                                                                                    • Instruction ID: d9a2271d1344a6ee67a07e7c8d5dfce2b348956cf6b0391daa2620dc62342abd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88120149e0e4dc9a836cc070e32625a04ca7ad90f43cab403f8d4d4c2feaf8a9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD71E571B482059BFB148E69CC65F7F3AAAEB85304F444039FA59DB380EA79DD0287D1

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: MBP+$slotsize$spansize
                                                                                                                                                                                                                                                                                    • API String ID: 0-2014383884

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,684601AE,?,00000000,685335CC,?,68457EF8,?,?,00000000,?,00000001,?,685335CC,?), ref: 684869B4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 684869C0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                    • String ID: GetHandleVerifier$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 1646373207-778798633

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00003000,00000040,00004000), ref: 6841D046
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6865C2D8,-00000100,?,00000000,?,?,6841BDF4,?,00000000,00000003,00000000,?,00000000), ref: 6841D08B
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,?,6841BDF4,?,00000000,00000003,00000000,?,00000000,?,?,?,?), ref: 6841D0B7
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6865C2D8,?,?,6841BDF4,?,00000000,00000003,00000000,?,00000000,?,?,?,?,?), ref: 6841D0E6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveFreeLockVirtual$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 448536242-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,?,683BC52D,00000000), ref: 683F56F0
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,683BC52D,00000000), ref: 683F5719
                                                                                                                                                                                                                                                                                      • Part of subcall function 684046D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 684046EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: d210b96d2813c001d5780375b94cf1606e5f0e8b5a8976d3927313ed93988ced
                                                                                                                                                                                                                                                                                    • Instruction ID: 72c4a2be927016e7f985781a889928055d1aeea78851211a1391712f880e9060
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d210b96d2813c001d5780375b94cf1606e5f0e8b5a8976d3927313ed93988ced
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3F062759002189B8F10AFA9DC54CFFB7BCEF49658B80442EE902A7201EB399905CBF4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,00000000,?,00000000,?,684045A9,00000001,?,?,00000000,0000007E,?,?,68403F38,?,00000000), ref: 68404A4E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockRelease
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 1766480654-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 7b2ea34f5df0102ec23be917c09a368c0c44484f274efb25a1fbdcbf903266f4
                                                                                                                                                                                                                                                                                    • Instruction ID: 8d1dc9e285c3c2e4553896ad6df9165074ce075dfc51dac2096583ba1141498f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b2ea34f5df0102ec23be917c09a368c0c44484f274efb25a1fbdcbf903266f4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7391B576A00A018FC718CF69C881BA6B3B1FF94319F58867DE9258F395D739E941CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,?,68403B4D,68403B4D,?,6842FFF4,?,?,?,?,?,?,00000000), ref: 683F5967
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000001,00000001,?,6842FFF4,?,?,?,?,?,?,00000000), ref: 683F59D8
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-0
                                                                                                                                                                                                                                                                                    • Opcode ID: cd8e8ad230f0b4bc0d61151bbadf171f6dcc822c9eaab2798d9c7227d022e473
                                                                                                                                                                                                                                                                                    • Instruction ID: fc593d9eff299830e705e09283584408ede0e809c95c00930bfe86d6fdc852a8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd8e8ad230f0b4bc0d61151bbadf171f6dcc822c9eaab2798d9c7227d022e473
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD81DF71A00651CFDB28CF68C884B6AB7E5FF45328F84867DD8658B682D735E942CBC0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68444690: TryAcquireSRWLockExclusive.KERNEL32(6865DE18,?,?,684393A9,?,?,6841CC8F,00000000,?,?,?,?,6841CE69,?,?,00000000), ref: 68444699
                                                                                                                                                                                                                                                                                      • Part of subcall function 68444690: ReleaseSRWLockExclusive.KERNEL32(6865DE18,?,684393A9,?,?,6841CC8F,00000000,?,?,?,?,6841CE69,?,?,00000000,00000000), ref: 684446CE
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,6841CC8F,00000000,?,?,?,?,6841CE69,?,?,00000000,00000000,?,?,?), ref: 684393D8
                                                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,68645E04,?,6841CC8F,00000000,?,?,?,?,6841CE69,?,?,00000000,00000000,?), ref: 684393E4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2898688079-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6865DE18,?,?,684393A9,?,?,6841CC8F,00000000,?,?,?,?,6841CE69,?,?,00000000), ref: 68444699
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6865DE18,?,684393A9,?,?,6841CC8F,00000000,?,?,?,?,6841CE69,?,?,00000000,00000000), ref: 684446CE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68525CA1,684E39EA,684E6763,?,00000003,684D6F9B), ref: 684F1CAF
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 684F1D51
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000001,00004000,?,68404B92,00000001,?,00000001,?,683BC52D,?,6841C1C5), ref: 6841CFEE
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,68404B92,00000001,?,00000001,?,683BC52D,?,6841C1C5), ref: 6841CFF8
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFreeLastVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 499627090-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$MBP+$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-158976530
                                                                                                                                                                                                                                                                                    • Opcode ID: c831aad9d0c4b15e3edcdfb0a57f8b44ab767df321d834e857933e9f39e43ca5
                                                                                                                                                                                                                                                                                    • Instruction ID: 3635840d86445b2816ba3c9ea15c25f82a082215fef323d31f9e90a98c7adb18
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c831aad9d0c4b15e3edcdfb0a57f8b44ab767df321d834e857933e9f39e43ca5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2C16EB5E00219DFCB24DFA8D884EEDF7B6BF89318B954519E815A7350DB31AC02CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6864B90C,?,68491F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 6846F2EB
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,68491F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 6846F4F6
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,68491F30,00000000,FFFFFFFF,?,?,?,F1645913), ref: 6846F50E
                                                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 6846F5F5
                                                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 6846F809
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release__floor_pentium4$Acquire
                                                                                                                                                                                                                                                                                    • String ID: `%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 2821508176-576353334
                                                                                                                                                                                                                                                                                    • Opcode ID: 0d7b01ca334ac885de34d12f432f7f68786119c01cc932f9a85d6bd70ec6e92d
                                                                                                                                                                                                                                                                                    • Instruction ID: faa5d8c33abe3002cb9758de67268fba14dcd53a46af17ebc4e9dfa04a971dc2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d7b01ca334ac885de34d12f432f7f68786119c01cc932f9a85d6bd70ec6e92d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F10B71F126058BCB04CF69C891D2EB3B2BF96370794862AD4A6E7741E771E8C2CB51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F1B5A: GetLastError.KERNEL32(00000000,?,684EE24D), ref: 684F1B5E
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F1B5A: SetLastError.KERNEL32(00000000), ref: 684F1C00
                                                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 684F633F
                                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(?), ref: 684F637D
                                                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 684F6390
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 684F63D8
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 684F63F3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 415426439-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 45147ce628fc3dd544435efc5fbf12bc57149dc4b7789073d07182cb17ac1286
                                                                                                                                                                                                                                                                                    • Instruction ID: 059337e3c14c0798e87567d5aec41b1e3fafc5c0e23ceaee9507a340a1434459
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45147ce628fc3dd544435efc5fbf12bc57149dc4b7789073d07182cb17ac1286
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6515F71D00615AFEF11DFA5CC44EBE77B8EF85700F91447EAA20E7250EB7099428BA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: MBP+$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-3683453890
                                                                                                                                                                                                                                                                                    • Opcode ID: b09dba2216ae62c77a5539f1c1b49069d6c184d8408b818fa75a0c9afd89a7ce
                                                                                                                                                                                                                                                                                    • Instruction ID: 038369dcbabe3b2c0ec7e92a09ef655c1ba1b01202d17722d0fda391f596e1be
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b09dba2216ae62c77a5539f1c1b49069d6c184d8408b818fa75a0c9afd89a7ce
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3E1B575A002058FDB04CF58C484AAEB7FAFF8D314F95816EE419AB351DB71AC46CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,684F636D,?,?), ref: 684F6A50
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,684F636D,?,?), ref: 684F6A79
                                                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,684F636D,?,?), ref: 684F6A8E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                    • Opcode ID: f225f0a36329339fdd5399c22d6ba3a9e9589e25d5f66f898fdfaa58fe75be88
                                                                                                                                                                                                                                                                                    • Instruction ID: 25598eed5cf4d6d306f5d20579d05f4906b948f94ca88daef79983d49bd66b53
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f225f0a36329339fdd5399c22d6ba3a9e9589e25d5f66f898fdfaa58fe75be88
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88218362E44305E6E7248F69C905E8B72A6EBC2B54BD6C47CEA29D7204E732D943C750
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                    • String ID: -$MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 3839614884-852902869
                                                                                                                                                                                                                                                                                    • Opcode ID: db9f599d2e9f653706e31e3b06cf71e74b6b334a7360100f8b427ddff9edb995
                                                                                                                                                                                                                                                                                    • Instruction ID: 3b794a80e540487f2bfea161eec1021baf0ccbe7c1eeff38beca7118d4b20053
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db9f599d2e9f653706e31e3b06cf71e74b6b334a7360100f8b427ddff9edb995
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66C1D571E002199FDB04CF68D894BAEFBA5EF89264F65822EE8199B341D7319944CBD0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F1B5A: GetLastError.KERNEL32(00000000,?,684EE24D), ref: 684F1B5E
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F1B5A: SetLastError.KERNEL32(00000000), ref: 684F1C00
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 684F6584
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 684F65CE
                                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 684F6694
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 661929714-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 105ab957f016b2bc80dd41f2a0521d6b3a41e121902dd84fd2bfa4d6fb1717f3
                                                                                                                                                                                                                                                                                    • Instruction ID: 3c99db6a8533fa59f85f0244f19f4498137a1a1d83e66bd4c3b78c08890a9329
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 105ab957f016b2bc80dd41f2a0521d6b3a41e121902dd84fd2bfa4d6fb1717f3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4961A0B1954217DFEB189F28CD85FAA77B8EF44304F50817DEA25C6284EB35D982CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 684E536C
                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 684E5376
                                                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 684E5383
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
• Associated: 00000005.00000002.4169978264.0000000068250000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171279056.0000000068642000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171310505.0000000068643000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171340897.0000000068644000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.0000000068658000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.000000006865D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171525323.000000006865E000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171559865.0000000068661000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171591896.0000000068662000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 3906539128-757310022
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 6847A350: _strlen.LIBCMT ref: 6847A38A
                                                                                                                                                                                                                                                                                      • Part of subcall function 68471850: _strlen.LIBCMT ref: 68471861
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 68532F3B
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D19A1: AcquireSRWLockExclusive.KERNEL32(68645FE4,?,?,?,6845D29B,6864ACA4), ref: 684D19AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D19A1: ReleaseSRWLockExclusive.KERNEL32(68645FE4,?,6845D29B,6864ACA4), ref: 684D19E6
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 6853314B
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 68533174
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen$ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: into $ under feature $ with string value $. Falling back to default value of $..\..\base\metrics\field_trial_params.cc$9FGh$Failed to parse field trial param $FieldTrialParams-default$FieldTrialParams-feature_name$FieldTrialParams-param_name$FieldTrialParams-value$LogInvalidValue$MBP+$Variations.FieldTriamParamsLogInvalidValue
                                                                                                                                                                                                                                                                                    • API String ID: 3829107669-3945801251
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6844B0F7
                                                                                                                                                                                                                                                                                    • QueryThreadCycleTime.KERNEL32(00000000,00000000), ref: 6844B103
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6844B191
                                                                                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 6844B194
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6844B19E
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000002), ref: 6844B1A3
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6844B200
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6844B20B
                                                                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?), ref: 6844B216
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6844B224
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6844B2F1
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$CurrentQuery$PerformancePriority$Counter$CycleFrequencyTime
                                                                                                                                                                                                                                                                                    • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\base\time.cc$MBP+$PERFETTO_CHECK(perf_counter_now >= perf_counter_initial)$PERFETTO_CHECK(tsc_now >= tsc_initial)
                                                                                                                                                                                                                                                                                    • API String ID: 649842374-361604425
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 68490890: GetLastError.KERNEL32(00000000,?,683D08F8,?,?,?,0000000C,?,00000000,?,?,685366B5,?,?,?,?), ref: 684908AA
                                                                                                                                                                                                                                                                                      • Part of subcall function 68490890: SetLastError.KERNEL32(00000000,?,683D08F8,?,?,?,0000000C,?,00000000,?,?,685366B5,?,?,?,?), ref: 684908B5
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 683D0903
                                                                                                                                                                                                                                                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,0000000C,?,00000000,?,?,685366B5,?,?), ref: 683D09DD
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 683D0AEF
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 683D0C58
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast_strlen$CountLocalTickTime
                                                                                                                                                                                                                                                                                    • String ID: )] $:$:$MBP+$UNKNOWN$VERBOSE$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 4112389128-950673088
                                                                                                                                                                                                                                                                                    • Opcode ID: e56843b5a23e6592bc734eb586bfb22e00f2580388b73a72b18464f723b0a140
                                                                                                                                                                                                                                                                                    • Instruction ID: cad666a7e5a143116051c7fd2222b274f31c13b3777a50d9a026d7503495d7b3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e56843b5a23e6592bc734eb586bfb22e00f2580388b73a72b18464f723b0a140
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20C107B5E04244AFDB14CFA4DCA4EBE77B8EF56708F80401DE815A7341EB369906CBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 68402C1E
                                                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,00000000), ref: 68402C2A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentWow64
                                                                                                                                                                                                                                                                                    • String ID: `%Mh$allo$c$comm$iswo$it$ize$size$va_s$w64
                                                                                                                                                                                                                                                                                    • API String ID: 1905925150-244634372
                                                                                                                                                                                                                                                                                    • Opcode ID: 04bc8bd8a5150224e7d6ccdf998dbfe3bf2dac66950d8cbfb1af2a3c35e15f68
                                                                                                                                                                                                                                                                                    • Instruction ID: 1a75903b21ea8d7aa901e341b8aa766ab396ca9708d56b088eda7713b4a98925
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04bc8bd8a5150224e7d6ccdf998dbfe3bf2dac66950d8cbfb1af2a3c35e15f68
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE316BB58083409FD710DF64D898B6BBBE8BF88308F540A2DF58A8B240D7B5D6048B83
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 683415FB
                                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,8B04C483,?,68342774,?,?,?,6850AA01), ref: 683416C0
                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(Kernel32.dll,?,?,8B04C483,?,68342774,?,?,?,6850AA01), ref: 683416FE
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThreadDescription), ref: 6834170A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressCurrentFreeHandleLocalModuleProcThread
                                                                                                                                                                                                                                                                                    • String ID: GetThreadDescription$Kernel32.dll$MBP+$`%Mh$t'4h
                                                                                                                                                                                                                                                                                    • API String ID: 4205643583-550095766
                                                                                                                                                                                                                                                                                    • Opcode ID: 5415f2f214880aaa68ceda3e2c196a11ebcfca4ab91253a79867b7286b89524b
                                                                                                                                                                                                                                                                                    • Instruction ID: 64f2c31365359c2d50bb114301a56224253936c4ffa4a6da324226734715201d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5415f2f214880aaa68ceda3e2c196a11ebcfca4ab91253a79867b7286b89524b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C412571D006148FDF10AFA4DC84EAEB7F9EF45218B94012ADC16A7250EB399C16CAA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 6834143F
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 68341494
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
• Associated: 00000005.00000002.4169978264.0000000068250000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171279056.0000000068642000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171310505.0000000068643000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171340897.0000000068644000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.0000000068658000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.000000006865D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171525323.000000006865E000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171559865.0000000068661000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171591896.0000000068662000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                                                                                                                                                                                                                                                                    • String ID: %*s:%s$%s%s %s$MBP+$[%03u.%03u] $[printf format error]$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 2172594012-1348387382
                                                                                                                                                                                                                                                                                    • Opcode ID: 748b41ab1d33dbf8f8ba25022ec0440dde3163891299aaf987c8322143f9dec3
                                                                                                                                                                                                                                                                                    • Instruction ID: f49196dc4bda6feb81ac49bf227f3ab3e40a5ec07bec4d7fb7a5c638895fd8ee
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 748b41ab1d33dbf8f8ba25022ec0440dde3163891299aaf987c8322143f9dec3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF5167B6900301ABEB048F24DC85E7FB7A9EFC6318F80862DF95556282FB31D521C792
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 684D3BE7
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 684D3BEF
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 684D3C78
                                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 684D3CA3
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 684D3CF8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
• Associated: 00000005.00000002.4169978264.0000000068250000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171279056.0000000068642000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171310505.0000000068643000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171340897.0000000068644000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.0000000068658000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.000000006865D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171525323.000000006865E000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171559865.0000000068661000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171591896.0000000068662000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: MBP+$`%Mh$csm
                                                                                                                                                                                                                                                                                    • API String ID: 1170836740-2727728325
                                                                                                                                                                                                                                                                                    • Opcode ID: 825a2999c6d56954be4bbdf99375e1fe67f339624c7883a391e195850e103b59
                                                                                                                                                                                                                                                                                    • Instruction ID: 9ee08cdfd6486805b997abd12e36f868caf4c395606759d1dcce739a468d6839
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 825a2999c6d56954be4bbdf99375e1fe67f339624c7883a391e195850e103b59
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C418675E00219DBCF00CF69CC94F9EBBB5AF45758F508169E8249B351E731EA06CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
• Associated: 00000005.00000002.4169978264.0000000068250000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171279056.0000000068642000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171310505.0000000068643000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171340897.0000000068644000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.0000000068658000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.000000006865D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171525323.000000006865E000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171559865.0000000068661000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171591896.0000000068662000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: MBP+$MBP+$`%Mh$eDh
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-795343495
                                                                                                                                                                                                                                                                                    • Opcode ID: d2b09a2aa9e85025cc31754e2d1bebd8e813e1406db55ff725cd378ad9584930
                                                                                                                                                                                                                                                                                    • Instruction ID: a3c850a60f887f04707e03e33a13e0f936c387513b372b9217c119f0e2a53eb9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2b09a2aa9e85025cc31754e2d1bebd8e813e1406db55ff725cd378ad9584930
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97E16E75E002159FEB04CF58C884EAEB7F6FF89324F958169E415AB351DB35AC06CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 684F06AD
                                                                                                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 684F080C
                                                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 684F090D
                                                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 684F0928
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
• Associated: 00000005.00000002.4169978264.0000000068250000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171279056.0000000068642000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171310505.0000000068643000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171340897.0000000068644000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.0000000068658000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171451166.000000006865D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171525323.000000006865E000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171559865.0000000068661000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000005.00000002.4171591896.0000000068662000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 2332921423-393685449
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea$Info
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 541289543-757310022
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 683F2DD6
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 683F2ED0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: ..\..\base\threading\thread_id_name_manager.cc$MBP+$RemoveName$handle_to_name_iter != thread_handle_to_interned_name_.end()$id_to_handle_iter != thread_id_to_handle_.end()
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-3582857220
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,2B50424D,?,?,00000000,685BB440,000000FF,?,684E0D1F,?,?,684E0DBB,?,?), ref: 684E0C93
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CorExitProcess), ref: 684E0CA5
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00000000,685BB440,000000FF,?,684E0D1F,?,?,684E0DBB,?,?,?,?,2B50424D), ref: 684E0CC7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$MBP+$`%Mh$mscoree.dll
                                                                                                                                                                                                                                                                                    • API String ID: 4061214504-2433512819
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f492ebc2efcad86b8d6e0f7bd2feb2b284066b83d153a20c6e5141718fdeff8b
                                                                                                                                                                                                                                                                                    • Instruction ID: 9fac0c023511b2f01168314215a2d5616565820f585557e7d82810378895edcd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f492ebc2efcad86b8d6e0f7bd2feb2b284066b83d153a20c6e5141718fdeff8b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AB15532E042559FDB118F68CC81FAA7BB5EF86350F54417DE914AB381E7749903CBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: FeatureList-early-access-allow-list$FeatureList-feature-accessed-too-early$MBP+$false$true
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-1570967565
                                                                                                                                                                                                                                                                                    • Opcode ID: 1ecf9d27ad8ebb03084a0ac4895d6af3276645ea80f34762b1c29cc526dc2cc5
                                                                                                                                                                                                                                                                                    • Instruction ID: 205cc17c84cbd00bcc8f6ffc6aa684369e5974684649c50efd1ead95daff10fd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ecf9d27ad8ebb03084a0ac4895d6af3276645ea80f34762b1c29cc526dc2cc5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0231E6B5D011149FCB10EBAAEC4AEAE77B5FB47314FC1412AD90557280E7316945CBE2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6847E30C,6840A300,?,00000000,?,?,684974E6,6865A83C,684306D0,?,?,6847E30C,00000001), ref: 68496DCE
                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6865A800,6840A300,?,00000000,6847E30C,00000001), ref: 68496E1A
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 68496E2F
                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 68496E3D
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 68496E46
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Once$ErrorExecuteInitLast$Value
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 4287946392-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: c532d79d81bcf689b90fd15973d6aaabd12bd9830e44acaff50aa03664b71438
                                                                                                                                                                                                                                                                                    • Instruction ID: c56c2c0715f41bcb7d417bb71a2e7ed3f5a87e9c66b194fc8a98e42b6557f205
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c532d79d81bcf689b90fd15973d6aaabd12bd9830e44acaff50aa03664b71438
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39218775A00108ABDF249F69DC48FAF7BA8EF45755F900429EA1997300EB35A910C6E1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                                                                                                    • String ID: MBP+$a/p$am/pm
                                                                                                                                                                                                                                                                                    • API String ID: 240046367-2087800131
                                                                                                                                                                                                                                                                                    • Opcode ID: b3bc38b68bc9381a579cd49b7214b02bef44487e402fa82e21a568178460d04f
                                                                                                                                                                                                                                                                                    • Instruction ID: 8412a4475c4692227be4f9b2cc516b38d8a37b7e627805df2cfeb629e81b4e71
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3bc38b68bc9381a579cd49b7214b02bef44487e402fa82e21a568178460d04f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3C1BA35D04256DADB118F68C894FAA7BB1FF86304F90406DE925AB390D33B9953CFA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(-00000300,?,?,00000000,?,00000000,?,68403B4D,FFFFFF79,00000000,?,?,684030A3,?,?), ref: 6842FD3E
                                                                                                                                                                                                                                                                                      • Part of subcall function 684046D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 684046EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AcquireExclusiveLock
                                                                                                                                                                                                                                                                                    • String ID: `%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 4021432409-576353334
                                                                                                                                                                                                                                                                                    • Opcode ID: 13348dfd9901acb7d6fd8e75f5058e9825fe4358bfc25c77cce2a98ee85184cf
                                                                                                                                                                                                                                                                                    • Instruction ID: 21fcb995f00922de5ee65e99b5133891137546749897496cbebc97267c370444
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13348dfd9901acb7d6fd8e75f5058e9825fe4358bfc25c77cce2a98ee85184cf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BD1D171A00625CFDB14CF69C894BAAB7F2FF49318F944269D8299B341D775E842CF80
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,684EFCD8,684F04A0,?,?,?,?,684D3816,?,?,?,?,?,00000000,00000000), ref: 684EFCEF
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 684EFCFD
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 684EFD16
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,684D3816,?,?,?,?,?,00000000,00000000,00000000,?,?,?,?,?,6850C674), ref: 684EFD68
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 943c84e8bb8ced55da795acea0846ae2b51dfd490aa4e0160525fd3a3647b80b
                                                                                                                                                                                                                                                                                    • Instruction ID: 2a94c1cb61688adaf565a679653fc578fc1e6e92ec602986dd67143654a5e2ab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 943c84e8bb8ced55da795acea0846ae2b51dfd490aa4e0160525fd3a3647b80b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5301DD3690F7119EE71037BABC8CD6E2A94EB8677EBB0127DF5B1852D0EF9154024180
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                    • String ID: `%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 1740715915-576353334
                                                                                                                                                                                                                                                                                    • Opcode ID: 7089ced384c55727cd81796860f8bd420e1ec2c57b6aabbd73386f7911f9c3da
                                                                                                                                                                                                                                                                                    • Instruction ID: ec5976ed08ae3cd47bf22e49fb2c4fb4e6ff699ee4386e2f997e19dcaf813525
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7089ced384c55727cd81796860f8bd420e1ec2c57b6aabbd73386f7911f9c3da
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C151E076A05606DFEB158F56C890FAE73A4EFC4715F90453EEC2197290EB31E892CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: ... (message truncated)$MBP+$`%Mh$pVPh
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-3239671992
                                                                                                                                                                                                                                                                                    • Opcode ID: 0a878e9cd8120122d07f22f8151ad39bcad07d673659d651f61f493391cffe72
                                                                                                                                                                                                                                                                                    • Instruction ID: b24032732061e665ef60614edc90a983f48b17f9cc1d91a1890f8084babc756f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a878e9cd8120122d07f22f8151ad39bcad07d673659d651f61f493391cffe72
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3541BF769002199BDF24DF54DC95EEEBB79FF45209F8040AEE909A7241EB305E40CF90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,0000007E,?,?,68403F38,?,00000000,?,00000000,?,68403B4D,FFFFFF79,00000000), ref: 68404496
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,00000001,?,?,00000000,0000007E,?,?,68403F38,?,00000000,?,00000000,?,68403B4D,FFFFFF79), ref: 684044B7
                                                                                                                                                                                                                                                                                      • Part of subcall function 684046D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 684046EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: MBP+$first$second
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-2476383081
                                                                                                                                                                                                                                                                                    • Opcode ID: 21dba88f3eeea9207489015639ec414473438737de5b1acbd339917b1e8ef2fe
                                                                                                                                                                                                                                                                                    • Instruction ID: 6f8f31db7445bdcbe7fac3a6325aa3d0b0e0df233e264964b750b561cd1ee308
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21dba88f3eeea9207489015639ec414473438737de5b1acbd339917b1e8ef2fe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1415C31A007419FD710CF29C844B6BF7A2AFD83A8F64C63CE6A94B384EB75D4128781
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-000000C0,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841BC07
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 6841BE68
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 6841BEBA
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 6841BED3
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-00000140,?,?,?,?,00000000,?,6841B834,?,?), ref: 6841BF91
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1021914862-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 19a092ed4b23c217df921352777504b67ba1f7c2b7429681f4653602bd2be9d4
                                                                                                                                                                                                                                                                                    • Instruction ID: 86f65636ce7a55cfb45dff87325140ab88ccc3860da90239742bc1e6b1af3eb5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19a092ed4b23c217df921352777504b67ba1f7c2b7429681f4653602bd2be9d4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7B19D74A087059FDB14CF64DC80BFEB7B5BF88304F54442CE5AAAB381DB79A9418B90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 240046367-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 45efe8043a371d8645b9551ac07b16efa12eaf53bcd95eb2853778ce31521a1f
                                                                                                                                                                                                                                                                                    • Instruction ID: 36f450676bc0abd53fc64c1909c577631cf96823d9127b9d34766fb46406a796
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45efe8043a371d8645b9551ac07b16efa12eaf53bcd95eb2853778ce31521a1f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D95182B2E00246ABEF128EA5CC84EBB76A9DFC5754B91413DFD24D6250EB31D852C7A0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 68529FAF
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 68529FD9
                                                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(406D1388,00000000,00000004,?), ref: 6852A0BA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionRaiseSleepUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 360010522-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: b49a92c4c5106d04322f0ead82b6d89ecfc2e55c10a0a398b1ef63e60b04e1d5
                                                                                                                                                                                                                                                                                    • Instruction ID: 87073ee370d9236a514ef426dd38afd0ed1764ac997852303b90c20170702ce3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b49a92c4c5106d04322f0ead82b6d89ecfc2e55c10a0a398b1ef63e60b04e1d5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C151E372A043049FC704CF28C890B5AB7E6EBC9724F15893DE889D7380EB359C498B91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,684F08B9,?,?,00000000,00000000,00000000,?), ref: 684F09D8
                                                                                                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 684F0ABE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CatchEncodePointer
                                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                    • API String ID: 1435073870-2084237596
                                                                                                                                                                                                                                                                                    • Opcode ID: 5987beb01c8c9d924c2c3676d7ae7d11ef480d9f4d06dc9dc01029d4d47d1e43
                                                                                                                                                                                                                                                                                    • Instruction ID: e21ca676548119dc806aef1c818036d543976ba3e4892a1eb16c29cf2b72c0de
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5987beb01c8c9d924c2c3676d7ae7d11ef480d9f4d06dc9dc01029d4d47d1e43
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4413572D00209AFCF05CF94DD84EAEBBB5BF88304F5581A9F924A6250D3359962DF91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68644B40), ref: 68403D81
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68644B40), ref: 68403DC5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: @Kdh$MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-4011120717
                                                                                                                                                                                                                                                                                    • Opcode ID: b9cdc3a0aa274e2d2c353169b1b543fc2bd9251e5c0a98de3c874bc8ffe7b067
                                                                                                                                                                                                                                                                                    • Instruction ID: 2d4bcee9106c9f43ac9ba696d7b7b0e6ff073ea5fa524e8c2b82141a2da9be3c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9cdc3a0aa274e2d2c353169b1b543fc2bd9251e5c0a98de3c874bc8ffe7b067
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A241D8709057808BD3318F29C864B6BBFE4EF56358F84896DE8D64B392C7B9A184C791
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 684F0495
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: `%Mh$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 3493665558-4116940899
                                                                                                                                                                                                                                                                                    • Opcode ID: 7ea9d11b504ee790501250ea9a610fa6fc267e721bf1d3fc12caf54fcb80257e
                                                                                                                                                                                                                                                                                    • Instruction ID: 6979bab8ac827ec2f997c51fd15463c2cc69fb22bed6dfe6d79e9758f43164db
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ea9d11b504ee790501250ea9a610fa6fc267e721bf1d3fc12caf54fcb80257e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C031A375801219EBCF22CF90CC44D6ABBA6FFC9355B94566EFC6499211C3B2C863DB81
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68644B40,?,684030A3,?,?), ref: 68403AC8
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68644B40,?,684030A3,?,?), ref: 68403AFD
                                                                                                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000001,00000000,FFFFFF79,00000000,?,?,684030A3,?,?), ref: 68403B62
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireReleaseValue
                                                                                                                                                                                                                                                                                    • String ID: @Kdh
                                                                                                                                                                                                                                                                                    • API String ID: 421378090-2221384393
                                                                                                                                                                                                                                                                                    • Opcode ID: 1c03360d5d33fb732db7c304fe4895aff94d7548f88bde8002e6f59f5ed783dc
                                                                                                                                                                                                                                                                                    • Instruction ID: c75adee572b98296aae42912ff0f45955ca90e46eb5db31abd4171f6fa17a1a7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c03360d5d33fb732db7c304fe4895aff94d7548f88bde8002e6f59f5ed783dc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F012634A44644AFCF209B6AA809F6F7F76DB82758F804025F41467B41C7B629468BA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(FFFFFFFF), ref: 6844B03D
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(FFFFFFFF), ref: 6844B058
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PerformanceQuery$CounterFrequency
                                                                                                                                                                                                                                                                                    • String ID: MBP+$auEh
                                                                                                                                                                                                                                                                                    • API String ID: 774501991-3344222239
                                                                                                                                                                                                                                                                                    • Opcode ID: 60145920a97d73997b72ed6396d5b5a72ad0343c2141096e5530d747e3c63547
                                                                                                                                                                                                                                                                                    • Instruction ID: 3f950aa790b3b2d56609f58d7a07cc62a1555483afdc7822134e42cee9a8d999
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60145920a97d73997b72ed6396d5b5a72ad0343c2141096e5530d747e3c63547
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB113A70408B05CBC711DF39C45545EFBE4FF8A3A1F504B0DE8EAA2291DB309256CB86
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,684FEBE8,00000000,00000000,-00000008,?,?,?,684FEAA6,00000002,FlsGetValue,685C18F0,685C18F8), ref: 684FEB59
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,684FEBE8,00000000,00000000,-00000008,?,?,?,684FEAA6,00000002,FlsGetValue,685C18F0,685C18F8,00000000,?,684EFD94), ref: 684FEB63
                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,684EFD94,?,68447DE8,?,?,00000000,-00000008,00000000,?,683D095A,-00000008,?,00000001), ref: 684FEB8B
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                                    • Opcode ID: 069b28d5c5eebac35a2a3671502e9bbaef97897d43ebe541fc47a9413e70eb58
                                                                                                                                                                                                                                                                                    • Instruction ID: a56ff83f5177bb6c644d1c1a05e178bbfb4c33ee26378cec1b73acb9e2f58778
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 069b28d5c5eebac35a2a3671502e9bbaef97897d43ebe541fc47a9413e70eb58
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47E04F30684608BBEF301E62EC49F1C3E68AB51B56F504434FA1DAD5D2DBB2D9518A94
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(68645FE4,?,?,6845D2DF,6864ACA4), ref: 684D1A25
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68645FE4,?,6845D2DF,6864ACA4), ref: 684D1A58
                                                                                                                                                                                                                                                                                    • WakeAllConditionVariable.KERNEL32(68645FE0,?,6845D2DF,6864ACA4), ref: 684D1A63
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                                                                                                                                                                                                                                                    • String ID: _dh
                                                                                                                                                                                                                                                                                    • API String ID: 1466638765-239546162
                                                                                                                                                                                                                                                                                    • Opcode ID: 6aeac67b4e66d79c24d84ec9434942fde9475cbeb6069d53e3506a59f91015e3
                                                                                                                                                                                                                                                                                    • Instruction ID: e03631e4204dd0a0500617b6bbee0a4c9ead86bd91f0509794d841dae5905f1a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6aeac67b4e66d79c24d84ec9434942fde9475cbeb6069d53e3506a59f91015e3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04F03974500600DFCB24EF5AE448C9C3BE8EB4E754B40801AF909C7301CB326981CFA1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 665046b43509027bcfdcefa7b919de81c4d65f6659a030b3d0121509856602de
                                                                                                                                                                                                                                                                                    • Instruction ID: 4577d9e173220186e430daa5759bbd39e80a494ef203d56ca1e906e6032fa0a0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 665046b43509027bcfdcefa7b919de81c4d65f6659a030b3d0121509856602de
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E21C97560C209AFDB11DF65CC4CD6BBBB9AF4537A7804518F825C7A52EB30ED418B90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000001,?,6841D124,00000001,00000001,?,00000000), ref: 68486A1E
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000001,?,6841D124,00000001,00000001,?,00000000,?,?,?,6841BDF4,?,00000000,00000003), ref: 68486A2C
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 68486A4C
                                                                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,00000001,?,6841D124,00000001,00000001,?,00000000,?,?,?,6841BDF4,?), ref: 68486A95
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorEventLast$CreateReset
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 77579966-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f037c74085c3d05bbe028418bc1e6af123a5080b4e2a0f2ffe87f705e9974da3
                                                                                                                                                                                                                                                                                    • Instruction ID: a3e55ca20b6ce53992af4ab78f59358b8f08b189575fcf060bcf88614687f389
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f037c74085c3d05bbe028418bc1e6af123a5080b4e2a0f2ffe87f705e9974da3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4011C4B1510304AFD7309F79DC88A2BBBEAFB46354F50883DE696C3200EB32E8418791
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,684FA3A2,?,00000001,?,?,?,684EAAA4,?,00000000,00000000), ref: 68500645
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,684FA3A2,?,00000001,?,?,?,684EAAA4,?,00000000,00000000,?,?,?,684EA3EA,?), ref: 68500651
                                                                                                                                                                                                                                                                                      • Part of subcall function 685006B0: CloseHandle.KERNEL32(FFFFFFFE,68500661,?,684FA3A2,?,00000001,?,?,?,684EAAA4,?,00000000,00000000,?,?), ref: 685006C0
                                                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 68500661
                                                                                                                                                                                                                                                                                      • Part of subcall function 68500683: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6850061F,684FA38F,?,?,684EAAA4,?,00000000,00000000,?), ref: 68500696
                                                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,684FA3A2,?,00000001,?,?,?,684EAAA4,?,00000000,00000000,?), ref: 68500676
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c06996d45b4f8863c2bd2269d68182af3b08bc0dcbebc6f3193dc1707a46e2fd
                                                                                                                                                                                                                                                                                    • Instruction ID: 500f381d246d13cb2212c74cd493533eb67c96faa87b2f254aa38c73c15202e2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c06996d45b4f8863c2bd2269d68182af3b08bc0dcbebc6f3193dc1707a46e2fd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7F01236440118BBCF325FEADC08A9E3F27FF493E1B844111FA1995510CB728960DF90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000,?,683BC572,00000000,00000000), ref: 683F2826
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?), ref: 683F2979
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 310bffbfa9796b3fe32f54c1687f44988eaa5cbb2fe7e496308a2bab4917f241
                                                                                                                                                                                                                                                                                    • Instruction ID: 978f6d540753094f9b41f0855a6fe3ba20692afb42bf69570476158ddffc8a03
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 310bffbfa9796b3fe32f54c1687f44988eaa5cbb2fe7e496308a2bab4917f241
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F47136B5A00645DFCB04CF68C980A6ABBF5FF4D310B54426AD859EB311E731E952CBE1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F1B5A: GetLastError.KERNEL32(00000000,?,684EE24D), ref: 684F1B5E
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F1B5A: SetLastError.KERNEL32(00000000), ref: 684F1C00
                                                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,684E193C,?,?,?,?,?,-00000050,?,?,?), ref: 684F59E6
                                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,684E193C,?,?,?,?,?,-00000050,?,?), ref: 684F5A1D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                                                    • String ID: utf8
                                                                                                                                                                                                                                                                                    • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                                                    • Opcode ID: 73908d4339798a1eeff24371db829da902aad9fc6371f58c17cb988e8b5ab1e5
                                                                                                                                                                                                                                                                                    • Instruction ID: e55260e04442505b743dc26f92db183f3f5d7189063da9a1490e71a0f0d6ded8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73908d4339798a1eeff24371db829da902aad9fc6371f58c17cb988e8b5ab1e5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0510375A00701AAE715AF748C49F6A73A8EF85719F82843DE5259B280EB70E442C6E1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 684F2F9D: GetOEMCP.KERNEL32(00000000), ref: 684F2FC8
                                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?), ref: 684F2DF9
                                                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,?), ref: 684F2E35
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 546120528-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: d16b76a12bbde9cd6eac143c0c20b14f09783a16d45af74f7157fd193397baba
                                                                                                                                                                                                                                                                                    • Instruction ID: 729a39257e773a1897609cc47a25e31c9c58c4cb273c434930ca51741acbfd40
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d16b76a12bbde9cd6eac143c0c20b14f09783a16d45af74f7157fd193397baba
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0051F470E042A59FD711CF65C850AAABBF5EF89304FA0843ED0A68B251DB789547CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: MBP+$MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-3572817330
                                                                                                                                                                                                                                                                                    • Opcode ID: 1041fe8b4bd0cfada025ce194d958958f85248f089085346ee652cbcef1e018b
                                                                                                                                                                                                                                                                                    • Instruction ID: badf996ccd02fbba7ed26d2142abf75f17a713ab7f8fa57d5b15e5f8c52f6a98
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1041fe8b4bd0cfada025ce194d958958f85248f089085346ee652cbcef1e018b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88512675A002049FDB04CF68D884A6EBBFAEF89318F95842DD414EB341DB31AD06CBE1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,00000000,?,00000000,?,683F27E8), ref: 683F26C5
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,683F27E8), ref: 683F270A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 22b63b1802e288e66b3f2fae72f7481b486259bad18729ff5c45411f0709c454
                                                                                                                                                                                                                                                                                    • Instruction ID: f65a90163861a0ed3b25d957ceec182b75f3ace52d008a72d4ad11cf26b2eb7b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22b63b1802e288e66b3f2fae72f7481b486259bad18729ff5c45411f0709c454
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A415BB5900748CFCB10DFAAC8809AABBF5FF4D314B50466ED859A7311E730A945CFA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(6864B954,00000000,00000000,?,6846FFEA,00000000,?), ref: 683CF535
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6864B954,?,?,?,?,?,6846FFEA,00000000,?), ref: 683CF5AD
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D19A1: AcquireSRWLockExclusive.KERNEL32(68645FE4,?,?,?,6845D29B,6864ACA4), ref: 684D19AC
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D19A1: ReleaseSRWLockExclusive.KERNEL32(68645FE4,?,6845D29B,6864ACA4), ref: 684D19E6
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D1A1B: AcquireSRWLockExclusive.KERNEL32(68645FE4,?,?,6845D2DF,6864ACA4), ref: 684D1A25
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D1A1B: ReleaseSRWLockExclusive.KERNEL32(68645FE4,?,6845D2DF,6864ACA4), ref: 684D1A58
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D1A1B: WakeAllConditionVariable.KERNEL32(68645FE0,?,6845D2DF,6864ACA4), ref: 684D1A63
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 4258034872-757310022
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: MBP+$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-3683453890
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 684EAD8E
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 684EADBE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 442123175-757310022
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,?,?,bitset set argument out of range,?,00000000,?,6841C0F6,?,00000000,?,?,?,?,00000000), ref: 6841AB60
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,bitset set argument out of range,?,00000000,?,6841C0F6,?,00000000,?,?,?,?,00000000,-00000140,?), ref: 6841ABF0
                                                                                                                                                                                                                                                                                      • Part of subcall function 684046D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 684046EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • bitset reset argument out of range, xrefs: 6841ABFC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: bitset reset argument out of range
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-1934458321
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: @vbh$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-2641722795
                                                                                                                                                                                                                                                                                    • Opcode ID: d6f14a224afb0ff5f1ada57a7846626d263413f6349bfa91d60ab6268a82a56e
                                                                                                                                                                                                                                                                                    • Instruction ID: 5af5e7f9a125cf49ed01018d7c5780d9a8d4486accfa5d6d923fc801e9541f64
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6f14a224afb0ff5f1ada57a7846626d263413f6349bfa91d60ab6268a82a56e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A31126363052096BDB404E59EC94E6B77EDDB862A8B400026FC2CCB300DA72ED56CAF4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,684EA448,?,?,?,?), ref: 684EAC66
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,684EA448,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 684EAC8C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 442123175-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 0fbcc8ebb05e880ef6c0cd5baddfe34daac40294ed9ba0f309aa4173f802ccc8
                                                                                                                                                                                                                                                                                    • Instruction ID: a72b18fb0e733fc7425b4c6d5a1b608113ebe32091ee14289825630f5803a689
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fbcc8ebb05e880ef6c0cd5baddfe34daac40294ed9ba0f309aa4173f802ccc8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE219131A002199FDB24CF19CC8499DB3B5FF59355F5045A9E909EB250D730EE81CAA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,684EA473,?,?,?,?), ref: 684EAB7D
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,684EA473,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 684EABA3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                    • String ID: MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 442123175-757310022
                                                                                                                                                                                                                                                                                    • Opcode ID: 4cb11da4b7e03abb1477931778c611869d9df83d1ff9d0d80a04943a8d994031
                                                                                                                                                                                                                                                                                    • Instruction ID: 33c371ccf99c36e3d6a5a4a931ebd0bf14a5a56f504e220f8cbe043db2a87486
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cb11da4b7e03abb1477931778c611869d9df83d1ff9d0d80a04943a8d994031
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C721B434E002189FCB25CF29C8849DDB7BAEF99342F5440A9EA46E7211D730DE42CB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(68644B40,FFFFFF79,?,684030B7,?,?,?), ref: 68403BB4
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68644B40,?,684030B7,?,?,?), ref: 68403BED
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: @Kdh
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-2221384393
                                                                                                                                                                                                                                                                                    • Opcode ID: dcd7347ca2e62bc9a144e57f860676e1bb7b94df0586095e4af4fd34c13b4f50
                                                                                                                                                                                                                                                                                    • Instruction ID: 4e4d68ba837a129eb13750ba59ed2c3fbaf0982dd53e58a1559a09432f9d90a6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcd7347ca2e62bc9a144e57f860676e1bb7b94df0586095e4af4fd34c13b4f50
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6112732D886589FEF30473D9809F5F3BA25712349FC44839D95097752D6B540868B83
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?,6841C0F6,?,00000000,?,?,?,?,00000000,-00000140,?,00000000), ref: 6841AAA0
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,?,6841C0F6,?,00000000,?,?,?,?,00000000,-00000140,?,00000000), ref: 6841AB30
                                                                                                                                                                                                                                                                                      • Part of subcall function 684046D0: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040), ref: 684046EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • bitset set argument out of range, xrefs: 6841AB3C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4169978264.0000000068250000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171279056.0000000068642000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171310505.0000000068643000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171340897.0000000068644000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171451166.0000000068658000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171451166.000000006865D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171525323.000000006865E000.00000020.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171559865.0000000068661000.00000020.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.4171591896.0000000068662000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                                                                                                    • String ID: bitset set argument out of range
                                                                                                                                                                                                                                                                                    • API String ID: 1678258262-3990704234
                                                                                                                                                                                                                                                                                    • Opcode ID: 333339fd24c377e0e37d63b95cd01dcdc1b6da00df69141fc10968ec0eb7ab42
                                                                                                                                                                                                                                                                                    • Instruction ID: bcae4bcc3402b9308ba611e96e44ea6c28f3d81bc56984487b78efc0f795e9a7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 333339fd24c377e0e37d63b95cd01dcdc1b6da00df69141fc10968ec0eb7ab42
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32110832A0455487C7189E25D408FBD3717DFD23A9F90412AE5A2A7751DFB0D886C780
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,-00000008,?,?,?,684FEAA6,00000002,FlsGetValue,685C18F0,685C18F8,00000000,?,684EFD94,?,68447DE8), ref: 684FEC1A
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,684EFD94), ref: 684FEC24
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                    • String ID: }Dh
                                                                                                                                                                                                                                                                                    • API String ID: 3013587201-2685049118
                                                                                                                                                                                                                                                                                    • Opcode ID: f561527b9ba35136abf0847bbcd8ff263daf6c79cffc941aff7771f92e175d7d
                                                                                                                                                                                                                                                                                    • Instruction ID: bbd1c1a6d15a000eaf2997807aa3f0bf3bbf34898e1da4ec59e47b57848c37bc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f561527b9ba35136abf0847bbcd8ff263daf6c79cffc941aff7771f92e175d7d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59117936A045599F9F12CE69D8C4D8E73A6EB86751791017EEA22DF350EB30E903CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 684D331C: RaiseException.KERNEL32(E06D7363,00000001,00000003,684D21F9,?,5BC38140,?,?,684D21F9,68333999,6863F66C,68333999), ref: 684D337C
                                                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 685251F2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                                                                    • String ID: 6Z^h$MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 3109751735-3501173179
                                                                                                                                                                                                                                                                                    • Opcode ID: 090a2e2fef194d96cc367bdf04210402ab3a63626b4136dd662a068e54b2795d
                                                                                                                                                                                                                                                                                    • Instruction ID: 0ee100ebc4097c0ad2c53acbc17d9ae022eba769d72991035826f9978c495e5a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 090a2e2fef194d96cc367bdf04210402ab3a63626b4136dd662a068e54b2795d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 351179B09003049FDB14DF69C859A9AFBF5EF09700F84C56EE45A5B352EB70A544CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                                                    • String ID: %s:%d: %s$MBP+
                                                                                                                                                                                                                                                                                    • API String ID: 3213747228-619156242
                                                                                                                                                                                                                                                                                    • Opcode ID: 75a2e269674f56229087830303005790d938ed5d36d2c699ca6b80ae16201aba
                                                                                                                                                                                                                                                                                    • Instruction ID: 2515da30a8992d61861f716f38f55ba8e5828e21dbbea544e63bdd00573986e1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75a2e269674f56229087830303005790d938ed5d36d2c699ca6b80ae16201aba
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2811E375A01228AFDB009B64DC58FEFBB68EF45718F890028E908BB202E7606905C6F1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,?,684741F0,00000000,?,6849534C,00000000,684741F0), ref: 684759EE
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,6849534C,00000000,684741F0), ref: 68475A59
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: LSIh
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-4239308118
                                                                                                                                                                                                                                                                                    • Opcode ID: 1d5d2985461214b66a308329c215a4443796baf0ce76850b9a44e668f1eba8a9
                                                                                                                                                                                                                                                                                    • Instruction ID: 04a084c6417f425bce1209cd03dc71be9bf17e0df33ee0fec96f8e854145840f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d5d2985461214b66a308329c215a4443796baf0ce76850b9a44e668f1eba8a9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D611C231700214DBDF609E99DC80FAE77A9EF8A764B454038E9299B340CB31AC00C780
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: Check failed: $WNDh
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-2030722521
                                                                                                                                                                                                                                                                                    • Opcode ID: d99613acb260031706677db99ac4d1718a09a8236622f384c1d3d6eb0d150635
                                                                                                                                                                                                                                                                                    • Instruction ID: bd813b1057fcbdca0fcf4687fa0e1619984e6c0204ef0b9f4c4f10d1a9cc2330
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d99613acb260031706677db99ac4d1718a09a8236622f384c1d3d6eb0d150635
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DF0F6BAA002183FEB005BA0EC86EBB779CDF8526DF800835FE0897251F761AD1543E1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 68509B70
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                                    • String ID: Bad variant access$bad_variant_access.cc
                                                                                                                                                                                                                                                                                    • API String ID: 4194217158-4004146108
                                                                                                                                                                                                                                                                                    • Opcode ID: da7311ab1fbdbccaa68a64d6730d76133d4cec162541602a8a2f862806f42b40
                                                                                                                                                                                                                                                                                    • Instruction ID: e0bb0742db4ca6f070a1d8b6f2a12ed64bed16ddb6b64b3a8a44d84570068966
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da7311ab1fbdbccaa68a64d6730d76133d4cec162541602a8a2f862806f42b40
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CE020B654420877FA00769D5C06F9B764CCB1172CFC40075FE0896242E6B29615C2D7
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                                                    • String ID: /9Gh$`%Mh
                                                                                                                                                                                                                                                                                    • API String ID: 4218353326-1939338660
                                                                                                                                                                                                                                                                                    • Opcode ID: 4fbb7391baff72e81cc8459fb22e4e8926ec34053ac6143a06a6a460db244d7d
                                                                                                                                                                                                                                                                                    • Instruction ID: 9ca707f427f6e395e42e40e7e96be9fb0ba3a5f8592634f1956bde7c107dba65
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fbb7391baff72e81cc8459fb22e4e8926ec34053ac6143a06a6a460db244d7d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2E0927AB015242BDB205A15AC84DAF375DDFC6669B050025FA09AB301D625ED0046F1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(68645FE4,?,?,?,6845D29B,6864ACA4), ref: 684D19AC
                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(68645FE4,?,6845D29B,6864ACA4), ref: 684D19E6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.4170061061.0000000068251000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68250000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_68250000_setup.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                    • String ID: _dh
                                                                                                                                                                                                                                                                                    • API String ID: 17069307-239546162
                                                                                                                                                                                                                                                                                    • Opcode ID: b47212dc0bd69e8927d1ccee7e3afaaf6db1621c3de2753b32a5e177d391f530
                                                                                                                                                                                                                                                                                    • Instruction ID: 226c5d061121e50846f9d420d2e1077a4d2e9afc6ffb1df2f8d59508b316de82
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b47212dc0bd69e8927d1ccee7e3afaaf6db1621c3de2753b32a5e177d391f530
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4EF01C35504600DBDB20AF1AD498E69FBB9EB87739F50436EEDA587390CB311882CA51