Windows Analysis Report
ftFxGrU7W4.exe

Overview

General Information

Sample name: ftFxGrU7W4.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 4a9f9560ca57e2b6a15a48ada96ed39a5e3e62d8822ad28bb6de2921acef8f98
Analysis ID: 1562665
MD5: 5f5e9ab72e28a8ef4241d82a8782d872
SHA1: 2d187dba62b128fd434ce1cebb069c08c5634db5
SHA256: 4a9f9560ca57e2b6a15a48ada96ed39a5e3e62d8822ad28bb6de2921acef8f98

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Installs a global keyboard hook
Sample or dropped binary is a compiled AutoHotkey binary
Uses Windows timers to delay execution
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • ftFxGrU7W4.exe (PID: 2196 cmdline: "C:\Users\user\Desktop\ftFxGrU7W4.exe" MD5: 5F5E9AB72E28A8EF4241D82A8782D872)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample; Integrated Neural Analysis Model: Matched 98.5% probability
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400AE280 FindFirstFileW,FindClose,FindFirstFileW,FindClose,0_2_00000001400AE280
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400AE180 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00000001400AE180
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014003C900 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,0_2_000000014003C900
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140066F70 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,0_2_0000000140066F70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400672D0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,free,malloc,0_2_00000001400672D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140081680 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,0_2_0000000140081680
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140067920 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,0_2_0000000140067920
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140081C70 GetFileAttributesW,FindFirstFileW,FindClose,0_2_0000000140081C70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014007E4B0 _wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,fclose,DeleteFileW,0_2_000000014007E4B0
Source: ftFxGrU7W4.exe; String found in binary or memory: https://autohotkey.com
Source: ftFxGrU7W4.exe; String found in binary or memory: https://autohotkey.comCould

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\ftFxGrU7W4.exe
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400065B0 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard,0_2_00000001400065B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140006210 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,0_2_0000000140006210
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400B12E0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,0_2_00000001400B12E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140006490 GetClipboardFormatNameW,GetClipboardData,0_2_0000000140006490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140054F30 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,malloc,0_2_0000000140054F30
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140016730 GetTickCount,PeekMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,0_2_0000000140016730
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140001ABC GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer,0_2_0000000140001ABC

System Summary

Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Window found: window name: AutoHotkey
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014005F650: CreateFileW,DeviceIoControl,CloseHandle,0_2_000000014005F650
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140081CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_0000000140081CF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: String function: 00000001400CAB94 appears 59 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: String function: 00000001400CA93C appears 395 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: String function: 0000000140040410 appears 62 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: String function: 0000000140040760 appears 465 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: String function: 00000001400CB634 appears 38 times
Source: ftFxGrU7W4.exe; Binary or memory string: OriginalFilename vs ftFxGrU7W4.exe
Source: ftFxGrU7W4.exe, 00000000.00000002.3395176494.000000014012A000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilename vs ftFxGrU7W4.exe
Source: classification engine; Classification label: mal60.spyw.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140041B80 CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW,0_2_0000000140041B80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140081CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_0000000140081CF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140060CD9 wcsncpy,GetDiskFreeSpaceW,GetLastError,free,malloc,0_2_0000000140060CD9
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140081F80 CreateToolhelp32Snapshot,Process32FirstW,_wcstoi64,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle,0_2_0000000140081F80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140062100 _wcstoi64,CoCreateInstance,powf,powf,powf,log10,free,malloc,free,malloc,0_2_0000000140062100
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400207F0 FindResourceW,SizeofResource,LoadResource,LockResource,0_2_00000001400207F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Mutant created: \Sessions\1\BaseNamedObjects\AHK Keybd
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: winmm.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: version.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: wininet.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Section loaded: textshaping.dll
Source: ftFxGrU7W4.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: ftFxGrU7W4.exe; Static file information: File size 1232896 > 1048576
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400B4320 LoadLibraryW,GetProcAddress,0_2_00000001400B4320
Source: ftFxGrU7W4.exe; Static PE information: section name: text
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014006CC28 push rsp; retf 0_2_000000014006CC29
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014009D020 push rdx; retn 0009h 0_2_000000014009D029
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400D914C push rbp; iretd 0_2_00000001400D9644
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014009E240 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,0_2_000000014009E240
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400B24A0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,0_2_00000001400B24A0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400B2670 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop,0_2_00000001400B2670
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400508A2 IsZoomed,IsIconic,0_2_00000001400508A2
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400AE940 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,0_2_00000001400AE940
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_000000014007A9E0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,free,malloc,free,malloc,0_2_000000014007A9E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400A2A10 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow,0_2_00000001400A2A10
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140058D80 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,free,malloc,0_2_0000000140058D80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140044E80 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,0_2_0000000140044E80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140054F30 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,malloc,0_2_0000000140054F30
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400570D0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,0_2_00000001400570D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140069820 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow,0_2_0000000140069820
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_00000001400539B0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,SelectObject,DeleteDC,DeleteObject,free,free,malloc,GetPixel,ReleaseDC,free,malloc,free,malloc,0_2_00000001400539B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe; Code function: 0_2_0000000140097CC0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,0_2_0000000140097CC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091DAD GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091DAD
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091DBD MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091DBD
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091DB5 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091DB5
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091DCB MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091DCB
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097DEF ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097DEF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097DE5 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097DE5
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091E0F MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091E0F
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097E1A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097E1A
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097E4C ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097E4C
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091E47 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091E47
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140091E56 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_0000000140091E56
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097EAA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097EAA
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140093F10 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,0_2_0000000140093F10
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097F08 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097F08
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140097F39 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_0000000140097F39
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_000000014008FF70 SendMessageW,MulDiv,MulDiv,free,free,free,free,free,free,free,free,free,free,free,free,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,0_2_000000014008FF70

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140018ED00_2_0000000140018ED0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeUser Timer Set: Timeout: 100msJump to behavior
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeWindow / User API: foregroundWindowGot 1017Jump to behavior
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeAPI coverage: 1.0 %
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_000000014001A8F0 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014001AA6Dh country: Russian (ru)0_2_000000014001A8F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400229F7 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur)0_2_00000001400229F7
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400229F7 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu)0_2_00000001400229F7
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400229FF GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur)0_2_00000001400229FF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400229FF GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu)0_2_00000001400229FF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A06 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur)0_2_0000000140022A06
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A06 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu)0_2_0000000140022A06
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A2D GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur)0_2_0000000140022A2D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A2D GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu)0_2_0000000140022A2D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A51 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur)0_2_0000000140022A51
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A51 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu)0_2_0000000140022A51
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A75 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur)0_2_0000000140022A75
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140022A75 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu)0_2_0000000140022A75
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140015000 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 0000000140015362h country: Spanish (es)0_2_0000000140015000
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140059490 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400597C3h0_2_0000000140059490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140059490 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140059683h0_2_0000000140059490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400AE280 FindFirstFileW,FindClose,FindFirstFileW,FindClose,0_2_00000001400AE280
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400AE180 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00000001400AE180
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_000000014003C900 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,0_2_000000014003C900
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140066F70 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,0_2_0000000140066F70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400672D0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,free,malloc,0_2_00000001400672D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140081680 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,0_2_0000000140081680
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140067920 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,0_2_0000000140067920
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140081C70 GetFileAttributesW,FindFirstFileW,FindClose,0_2_0000000140081C70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeAPI call chain: ExitProcess graph end nodegraph_0-242472
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140017FF0 BlockInput,free,BlockInput,0_2_0000000140017FF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400CEB34 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00000001400CEB34
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400B4320 LoadLibraryW,GetProcAddress,0_2_00000001400B4320
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400D8698 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,0_2_00000001400D8698
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400D37E4 SetUnhandledExceptionFilter,0_2_00000001400D37E4
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400D1940 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00000001400D1940
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140041B80 CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW,0_2_0000000140041B80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140017240 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput,0_2_0000000140017240
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140018A50 mouse_event,0_2_0000000140018A50
Source: ftFxGrU7W4.exeBinary or memory string: Program Manager
Source: ftFxGrU7W4.exeBinary or memory string: Shell_TrayWnd
Source: ftFxGrU7W4.exe, ftFxGrU7W4.exe, 00000000.00000002.3394630665.00000000007FB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Progman
Source: ftFxGrU7W4.exeBinary or memory string: TextLEFTLRIGHTRMIDDLEMX1X2WUWDWLWR{Blind}{ClickLl{}^+!#{}RawTempASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt SYSTEM\CurrentControlSet\Control\Keyboard Layouts\Layout FileKbdLayerDescriptorsc%03Xvk%02XSCALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUPRtlGetVersionntdll.dll%u.%u.%uStdOutAllUnreachableClassOverwriteUseEnvLocalSameAsGlobalUseUnsetGlobalUseUnsetLocalYYYYYWeekYearYDayWorkingDirWinDirWinDelayWDayUserNameTitleMatchModeSpeedTitleMatchModeTimeSinceThisHotkeyTimeSincePriorHotkeyTimeIdlePhysicalTimeIdleMouseTimeIdleKeyboardTimeIdleTickCountThisMenuItemPosThisMenuItemThisMenuThisLabelThisHotkeyThisFuncStoreCapslockModeStartupCommonStartupStartMenuCommonStartMenuSecScriptNameScriptHwndScriptFullPathScriptDirScreenWidthScreenHeightScreenDPIRegViewPtrSizeProgramsCommonProgramsPriorKeyPriorHotkeyOSVersionOSTypeNumBatchLinesNowUTCNowMyDocumentsMSecMouseDelayPlayMouseDelayMonMMMMMMMMMMinMDayLoopRegTypeLoopRegTimeModifiedLoopRegSubKeyLoopRegNameLoopRegKeyLoopReadLineLoopFileTimeModifiedLoopFileTimeCreatedLoopFileTimeAccessedLoopFileSizeMBLoopFileSizeKBLoopFileSizeLoopFileShortPathLoopFileShortNameLoopFilePathLoopFileNameLoopFileLongPathLoopFileFullPathLoopFileExtLoopFileDirLoopFileAttribLoopFieldLineNumberLineFileLastErrorLanguageKeyDurationPlayKeyDurationKeyDelayPlayKeyDelayIsUnicodeIsSuspendedIsPausedIsCriticalIsCompiledIsAdminIs64bitOSIPAddress4IPAddress3IPAddress2IPAddress1InitialWorkingDirIndexIconTipIconNumberIconHiddenIconFileHourGuiYGuiXGuiWidthGuiHeightGuiEventGuiControlEventFormatIntegerFormatFloatExitReasonEventInfoEndCharDesktopCommonDesktopDefaultTreeViewDefaultMouseSpeedDefaultListViewDefaultGuiDDDDDDDDDCursorCoordModeToolTipCoordModePixelCoordModeMouseCoordModeMenuCoordModeCaretControlDelayComputerNameCaretYCaretXBatchLinesAppDataCommonAppDataAhkVersionAhkPathTrueProgramFilesFalseComSpecClipboardAllClipboard...%s[%Iu of %Iu]: 
%-1.60s%sPropertyRegExMatch\:\:REG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYDefault3264LineRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDestroyNamePriorityInterruptNoTimersLabelTypeCountLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPFuncRemoveClipboardFormatListeneruser32AddClipboardFormatListenerTrayNo tray memA_Clipboardstatus AHK_PlayMe modeclose AHK_PlayMeRegClassAutoHotkey2Shell_TrayWndCreateWindoweditConsolasLucida Console*ErrorLevel <>=/|^,:*&~!()[]{}+-?."'\;`IFWHILEClass>AUTOHOTKEY SCRIPT<Could not extract script from EXE./*#CommentFlag*/and<>=/|^,:<>=/|^,:.+-*&!?~::?*- Continuation section too long.JoinLTrimRTrimMissing ")"Functions cannot contain functions.Missing "{"Not a valid method, class or property definition.GetSetNot a valid property getter/setter.Hotke
Source: ftFxGrU7W4.exeBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400D4140 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00000001400D4140
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400693F0 GetComputerNameW,GetUserNameW,0_2_00000001400693F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_00000001400CF0E4 HeapCreate,GetVersion,HeapSetInformation,0_2_00000001400CF0E4
Source: ftFxGrU7W4.exeBinary or memory string: WIN_XP
Source: ftFxGrU7W4.exeBinary or memory string: WIN_VISTA
Source: ftFxGrU7W4.exeBinary or memory string: WIN_7
Source: ftFxGrU7W4.exeBinary or memory string: WIN_8
Source: ftFxGrU7W4.exeBinary or memory string: ?*A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003%04hX0x%Ix*pPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfo
Source: ftFxGrU7W4.exeBinary or memory string: WIN_8.1
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_000000014001E990 Shell_NotifyIconW,RemoveClipboardFormatListener,ChangeClipboardChain,DestroyWindow,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,free,free,free,0_2_000000014001E990
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_000000014001F420 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,0_2_000000014001F420
Source: C:\Users\user\Desktop\ftFxGrU7W4.exeCode function: 0_2_0000000140073930 RemoveClipboardFormatListener,ChangeClipboardChain,0_2_0000000140073930
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Virtualization/Sandbox Evasion | 121 Input Capture | 11 System Time Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Disable or Modify Tools | LSASS Memory | 13 Security Software Discovery | Remote Desktop Protocol | 121 Input Capture | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Process Injection | 1 Access Token Manipulation | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Process Injection | NTDS | 3 Process Discovery | Distributed Component Object Model | 3 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 11 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 14 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
ftFxGrU7W4.exe | 3% | ReversingLabs | |

No Antivirus matches
No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
--- | --- | --- | --- | ---
https://autohotkey.com | ftFxGrU7W4.exe | false | | high
https://autohotkey.comCould | ftFxGrU7W4.exe | false | | high

No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562665
Start date and time: 2024-11-25 21:00:02 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 34s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ftFxGrU7W4.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name: 4a9f9560ca57e2b6a15a48ada96ed39a5e3e62d8822ad28bb6de2921acef8f98
Detection: MAL
Classification: mal60.spyw.evad.winEXE@1/0@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 44
• Number of non-executed functions: 188
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: ftFxGrU7W4.exe
Time | Type | Description
--- | --- | ---
15:00:53 | API Interceptor | 1x Sleep call for process: ftFxGrU7W4.exe modified

No context
No created / dropped files found
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 6.441638297632495
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: ftFxGrU7W4.exe
File size: 1'232'896 bytes
MD5: 5f5e9ab72e28a8ef4241d82a8782d872
SHA1: 2d187dba62b128fd434ce1cebb069c08c5634db5
SHA256: 4a9f9560ca57e2b6a15a48ada96ed39a5e3e62d8822ad28bb6de2921acef8f98
SHA512: e9969e2a4aa6737787383f8979b5a1d36032b263861b04b0d54e6af49d4934b8ff64f614041fff4d368c3287dc8c117d863f19cef5ad721b362b401c062da2a6
SSDEEP: 24576:gUNxvqF6FGYJf6yjNQpNONZNlTX5PlGPgquLEIWxUc7N11QaSYx7Gq/r:gUNxvC6FGYJf6yjNQpNONZnTX5PlGPgG
TLSH: E7457C0733A2C0E9DE6BD0F2C6296222D77274151B289BDF64E05E2DDFA3E915B36311
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........C...C...C...XTX.v...XTY.....J.p.D...J.t.B...J.`.^...C.......XTm.T...XT\.h...XTi.B...XTn.B...RichC...........PE..d....6.e...
Icon Hash: 8e172d4661e8c441
Entrypoint: 0x1400cdb30
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:
Time Stamp: 0x65F53619 [Sat Mar 16 06:03:05 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 2
File Version Major: 5
File Version Minor: 2
Subsystem Version Major: 5
Subsystem Version Minor: 2
Import Hash: a649e6750bcf2911044dec744c57f40f
      Programming Language:
      • [C++] VS2010 SP1 build 40219
      • [ C ] VS2010 SP1 build 40219
      • [ C ] VS2008 SP1 build 30729
      • [IMP] VS2008 SP1 build 30729
      • [ASM] VS2010 SP1 build 40219
      • [RES] VS2010 SP1 build 40219
      • [LNK] VS2010 SP1 build 40219
      Name | Virtual Address | Virtual Size | Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10e39c | 0x12c | .rdata
      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x131000 | 0x7064 | .rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x11f000 | 0x7a58 | .pdata
      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IAT | 0xe0000 | 0xeb8 | .rdata
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
      .text | 0x1000 | 0xde3e6 | 0xde400 | 1b1d6dd14717b7a4a86bc608450d2229 | False | 0.5378805188413949 | data | 6.547530261634082 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rdata | 0xe0000 | 0x312fe | 0x31400 | 09069cfe30350895756a1046ae0bd101 | False | 0.28075428299492383 | data | 4.968893111667075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .data | 0x112000 | 0xc3b8 | 0x5000 | 969162fa5a35d1af3366239c5d31d147 | False | 0.25 | data | 3.3115656660148853 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .pdata | 0x11f000 | 0x7a58 | 0x7c00 | ee1089d1b53300da83162d138f4a39cc | False | 0.4783581149193548 | data | 5.987995779242859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      text | 0x127000 | 0x258d | 0x2600 | 6cae918481287a7ff0aaef42fc0b95ee | False | 0.46484375 | data | 5.774323838239317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE
      data | 0x12a000 | 0x6ec0 | 0x7000 | 8f4275b626558a8640120f611553e570 | False | 0.47119140625 | data | 6.457359279664662 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .rsrc | 0x131000 | 0x7064 | 0x7200 | 85cb0bf36eea4c8c62a8c83ce3357425 | False | 0.19188596491228072 | data | 4.650274657297926 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
      RT_ICON | 0x1313f8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.0543221539914974
      RT_ICON | 0x135620 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6941489361702128
      RT_ICON | 0x135a88 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6622340425531915
      RT_ICON | 0x135ef0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6453900709219859
      RT_ICON | 0x136358 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.6655405405405406
      RT_MENU | 0x136480 | 0x2c8 | data | English | United States | 0.46207865168539325
      RT_DIALOG | 0x136748 | 0xe8 | data | English | United States | 0.6206896551724138
      RT_ACCELERATOR | 0x136830 | 0x48 | data | English | United States | 0.8194444444444444
      RT_RCDATA | 0x136878 | 0x1075 | ASCII text | English | United States | 0.20887728459530025
      RT_GROUP_ICON | 0x1378f0 | 0x14 | data | English | United States | 1.05
      RT_GROUP_ICON | 0x137904 | 0x14 | data | English | United States | 1.25
      RT_GROUP_ICON | 0x137918 | 0x14 | data | English | United States | 1.25
      RT_GROUP_ICON | 0x13792c | 0x14 | data | English | United States | 1.25
      RT_GROUP_ICON | 0x137940 | 0x14 | data | English | United States | 1.25
      RT_VERSION | 0x137954 | 0x21c | data | English | United States | 0.4925925925925926
      RT_MANIFEST | 0x137b70 | 0x4f4 | ASCII text, with very long lines (1268), with no line terminators | English | United States | 0.4755520504731861
      DLL | Import
      WSOCK32.dll | gethostbyname, inet_addr, WSACleanup, gethostname, WSAStartup
      WINMM.dll | mixerGetLineInfoW, mixerGetDevCapsW, mixerOpen, mciSendStringW, joyGetPosEx, mixerGetLineControlsW, mixerGetControlDetailsW, mixerSetControlDetails, waveOutGetVolume, mixerClose, waveOutSetVolume, joyGetDevCapsW
      VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
      COMCTL32.dll | ImageList_Create, CreateStatusWindowW, ImageList_ReplaceIcon, ImageList_GetIconSize, ImageList_Destroy, ImageList_AddMasked
      PSAPI.DLL | GetProcessImageFileNameW, GetModuleBaseNameW, GetModuleFileNameExW
      WININET.dll | InternetOpenW, InternetOpenUrlW, InternetCloseHandle, InternetReadFileExA, InternetReadFile
      KERNEL32.dll | GetModuleFileNameW, GetSystemTimeAsFileTime, FindResourceW, SizeofResource, LoadResource, LockResource, GetFullPathNameW, GetShortPathNameW, FindFirstFileW, FindNextFileW, FindClose, FileTimeToLocalFileTime, SetEnvironmentVariableW, Beep, MoveFileW, OutputDebugStringW, CreateProcessW, GetFileAttributesW, WideCharToMultiByte, MultiByteToWideChar, GetExitCodeProcess, WriteProcessMemory, ReadProcessMemory, GetCurrentProcessId, OpenProcess, TerminateProcess, SetPriorityClass, SetLastError, GetEnvironmentVariableW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetDiskFreeSpaceExW, SetVolumeLabelW, CreateFileW, DeviceIoControl, GetDriveTypeW, GetVolumeInformationW, GetDiskFreeSpaceW, GetCurrentDirectoryW, CreateDirectoryW, ReadFile, WriteFile, DeleteFileW, SetFileAttributesW, LocalFileTimeToFileTime, SetFileTime, DeleteCriticalSection, GetSystemTime, GetSystemDefaultUILanguage, GetComputerNameW, GetSystemWindowsDirectoryW, GetTempPathW, EnterCriticalSection, LeaveCriticalSection, VirtualProtect, QueryDosDeviceW, CompareStringW, RemoveDirectoryW, CopyFileW, GetCurrentProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, WritePrivateProfileSectionW, SetEndOfFile, GetACP, GetFileType, GetStdHandle, SetFilePointerEx, SystemTimeToFileTime, FileTimeToSystemTime, GetFileSize, IsWow64Process, VirtualAllocEx, VirtualFreeEx, EnumResourceNamesW, LoadLibraryExW, GlobalSize, HeapReAlloc, EncodePointer, HeapFree, DecodePointer, ExitProcess, HeapAlloc, IsValidCodePage, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, InitializeCriticalSection, GetCPInfo, GetVersionExW, GetModuleHandleW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLastError, CreateMutexW, CloseHandle, GetExitCodeThread, SetThreadPriority, CreateThread, GetStringTypeExW, lstrcmpiW, GetCurrentThreadId, GlobalUnlock, GlobalFree, GlobalAlloc, GlobalLock, SetErrorMode, SetCurrentDirectoryW, Sleep, GetTickCount, MulDiv, RtlCaptureContext, HeapSetInformation, GetVersion, HeapCreate, InitializeCriticalSectionAndSpinCount, HeapSize, HeapQueryInformation, GetCommandLineW, GetStartupInfoW, RtlUnwindEx, GetStringTypeW, RaiseException, RtlPcToFileHeader, LCMapStringW, GetConsoleCP, GetConsoleMode, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, QueryPerformanceCounter, GetOEMCP, SetFilePointer, WriteConsoleW, SetStdHandle, FlushFileBuffers, GetFileSizeEx, GetProcessHeap
      USER32.dll | GetDlgItem, SetDlgItemTextW, MessageBeep, GetCursorInfo, GetLastInputInfo, GetSystemMenu, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuStringW, ExitWindowsEx, SetMenu, FlashWindow, GetPropW, SetPropW, RemovePropW, MapWindowPoints, RedrawWindow, SetWindowLongPtrW, SetParent, GetClassInfoExW, DefDlgProcW, GetAncestor, UpdateWindow, GetMessagePos, GetClassLongPtrW, CallWindowProcW, CheckRadioButton, IntersectRect, GetUpdateRect, PtInRect, CreateDialogIndirectParamW, GetWindowLongPtrW, CreateAcceleratorTableW, DestroyAcceleratorTable, InsertMenuItemW, SetMenuDefaultItem, RemoveMenu, SetMenuItemInfoW, IsMenu, GetMenuItemInfoW, CreateMenu, CreatePopupMenu, SetMenuInfo, AppendMenuW, DestroyMenu, TrackPopupMenuEx, CopyImage, CreateIconIndirect, CreateIconFromResourceEx, EnumClipboardFormats, GetWindow, BringWindowToTop, MessageBoxW, GetTopWindow, GetQueueStatus, SendDlgItemMessageW, SetClipboardViewer, LoadAcceleratorsW, EnableMenuItem, GetMenu, CreateWindowExW, RegisterClassExW, LoadCursorW, DestroyWindow, EnableWindow, MapVirtualKeyW, VkKeyScanExW, MapVirtualKeyExW, GetKeyboardLayoutNameW, ActivateKeyboardLayout, GetGUIThreadInfo, GetWindowTextW, mouse_event, WindowFromPoint, GetSystemMetrics, keybd_event, SetKeyboardState, GetKeyboardState, GetCursorPos, GetAsyncKeyState, AttachThreadInput, SendInput, UnregisterHotKey, RegisterHotKey, SendMessageTimeoutW, UnhookWindowsHookEx, SetWindowsHookExW, PostThreadMessageW, IsCharAlphaNumericW, IsCharUpperW, IsCharLowerW, ToUnicodeEx, GetKeyboardLayout, CallNextHookEx, CharLowerW, ReleaseDC, GetDC, OpenClipboard, GetClipboardData, GetClipboardFormatNameW, CloseClipboard, SetClipboardData, EmptyClipboard, PostMessageW, FindWindowW, EndDialog, IsWindow, DispatchMessageW, TranslateMessage, ShowWindow, CountClipboardFormats, SetWindowLongW, ScreenToClient, IsDialogMessageW, DialogBoxParamW, SetForegroundWindow, DefWindowProcW, FillRect, DrawIconEx, GetSysColorBrush, GetSysColor, RegisterWindowMessageW, EnumDisplayMonitors, IsIconic, IsZoomed, EnumWindows, ChangeClipboardChain, GetWindowTextLengthW, SendMessageW, IsWindowEnabled, GetWindowLongW, GetKeyState, TranslateAcceleratorW, KillTimer, PeekMessageW, GetFocus, GetClassNameW, GetWindowThreadProcessId, GetForegroundWindow, InvalidateRect, SetLayeredWindowAttributes, SetWindowPos, SetWindowRgn, SetFocus, SetActiveWindow, ClientToScreen, EnumChildWindows, MoveWindow, GetWindowRect, GetMonitorInfoW, MonitorFromPoint, GetClientRect, SystemParametersInfoW, AdjustWindowRectEx, DrawTextW, SetRect, GetIconInfo, SetWindowTextW, IsWindowVisible, BlockInput, GetMessageW, SetTimer, GetParent, GetDlgCtrlID, CharUpperW, IsClipboardFormatAvailable, CheckMenuItem, PostQuitMessage, IsCharAlphaW, LoadImageW, DestroyIcon
      GDI32.dll | GetPixel, GetClipRgn, GetCharABCWidthsW, SetBkMode, CreatePatternBrush, SetBrushOrgEx, EnumFontFamiliesExW, CreateDIBSection, GdiFlush, SetBkColor, ExcludeClipRect, SetTextColor, GetClipBox, BitBlt, CreateCompatibleBitmap, GetSystemPaletteEntries, GetDIBits, CreateCompatibleDC, CreatePolygonRgn, CreateRectRgn, CreateRoundRectRgn, CreateEllipticRgn, DeleteDC, GetObjectW, GetTextMetricsW, GetTextFaceW, SelectObject, GetStockObject, CreateDCW, CreateSolidBrush, CreateFontW, FillRgn, GetDeviceCaps, DeleteObject
      COMDLG32.dll | CommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW
      ADVAPI32.dll | RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, GetUserNameW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyExW, RegCloseKey, RegConnectRegistryW, RegDeleteValueW
      SHELL32.dll | DragQueryPoint, SHEmptyRecycleBinW, SHFileOperationW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetDesktopFolder, SHGetMalloc, SHGetFolderPathW, ShellExecuteExW, Shell_NotifyIconW, DragFinish, DragQueryFileW, ExtractIconW
      ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, CoInitialize, CoUninitialize, CLSIDFromString, CLSIDFromProgID, CoGetObject, StringFromGUID2, CreateStreamOnHGlobal
      OLEAUT32.dll | SafeArrayGetLBound, GetActiveObject, SysStringLen, OleLoadPicture, SafeArrayUnaccessData, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnlock, SafeArrayPtrOfIndex, SafeArrayLock, SafeArrayGetDim, SafeArrayDestroy, SafeArrayGetUBound, VariantCopyInd, SafeArrayCopy, SysAllocString, VariantChangeType, VariantClear, SafeArrayCreate, SysFreeString
      Language of compilation system | Country where language is spoken | Map
      English | United States |
      No network behavior found

      Target ID:0
      Start time:15:00:53
      Start date:25/11/2024
      Path:C:\Users\user\Desktop\ftFxGrU7W4.exe
      Wow64 process (32bit):false
      Commandline:"C:\Users\user\Desktop\ftFxGrU7W4.exe"
      Imagebase:0x140000000
      File size:1'232'896 bytes
      MD5 hash:5F5E9AB72E28A8EF4241D82A8782D872
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

        Execution Graph

        Execution Coverage:0.4%
        Dynamic/Decrypted Code Coverage:0%
        Signature Coverage:24.6%
        Total number of Nodes:756
        Total number of Limit Nodes:32
62 API calls 2 library calls 242440->242511 242510 1400cec80 16 API calls _fltout2 242443->242510 242449 1400cad62 _cinit 242446->242449 242448 1400cad7f _initterm_e 242450 1400cb2cc _cinit 72 API calls 242448->242450 242451 1400cada2 _cinit 242448->242451 242512 1400cf718 242449->242512 242450->242451 242451->242380 242515 140063e20 242452->242515 242455 1400aa360 73 API calls 242456 140005343 __initmbctable 242455->242456 242521 1400053c0 242456->242521 242458 140005372 242461 140005389 242458->242461 242555 1400200c0 242458->242555 242460 140005380 242460->242461 242559 140005660 242460->242559 242461->242384 242465 1400053a3 242465->242461 242582 14000cd80 242465->242582 242469 1400058d2 242469->242384 242470->242351 242471->242356 242473->242360 242474->242364 242495 1400ce708 EncodePointer 242480->242495 242482 1400caca3 _initp_misc_winsig 242483 1400cf414 EncodePointer 242482->242483 242483->242392 242485 1400cf19b 242484->242485 242486 1400cf1a1 InitializeCriticalSectionAndSpinCount 242485->242486 242487 1400ce9e0 242485->242487 242486->242485 242486->242487 242487->242395 242487->242396 242490 1400d0b35 242488->242490 242491 1400cea0b 242490->242491 242492 1400d0b53 Sleep 242490->242492 242496 1400d52dc 242490->242496 242491->242395 242491->242402 242492->242490 242492->242491 242493->242405 242494->242401 242497 1400d52f1 242496->242497 242503 1400d530e 242496->242503 242498 1400d52ff 242497->242498 242497->242503 242504 1400ced8c 62 API calls _errno 242498->242504 242499 1400d5326 HeapAlloc 242502 1400d5304 242499->242502 242499->242503 242502->242490 242503->242499 242503->242502 242505 1400cf144 DecodePointer 242503->242505 242504->242502 242505->242503 242506->242425 242507->242431 242508->242439 242509->242433 242511->242433 242513 1400cf72e EncodePointer 242512->242513 242513->242513 242514 1400cf743 242513->242514 242514->242448 242625 1400d23d0 242515->242625 242518 140063e46 242519 14000531d 242518->242519 242627 140079940 73 API calls 2 library 
calls 242518->242627 242519->242455 242525 1400053e8 242521->242525 242534 1400054a6 242521->242534 242523 1400ca93c 62 API calls 242523->242525 242524 140005640 242524->242458 242525->242523 242525->242534 242655 1400cab94 64 API calls 2 library calls 242525->242655 242656 14001e070 67 API calls 242525->242656 242526 140005543 242528 140005593 242526->242528 242658 1400ca93c 62 API calls 2 library calls 242526->242658 242528->242524 242641 1400a4e40 242528->242641 242530 1400054c3 wcsncpy 242530->242524 242530->242526 242530->242528 242657 1400ca93c 62 API calls 2 library calls 242530->242657 242628 1400059c0 242534->242628 242536 140005606 _wcsupr_s_l 242538 14001ed3c GetModuleFileNameW 242536->242538 242539 14001ed63 242538->242539 242540 14001edb9 242538->242540 242542 14001ed6c 242539->242542 242544 1400aa360 73 API calls 242539->242544 242540->242542 242651 1400ae490 242540->242651 242542->242458 242543 14001ee09 242545 1400aa420 73 API calls 242543->242545 242546 14001ee3d __initmbctable 242543->242546 242547 14001ed81 242544->242547 242545->242546 242549 1400aa360 73 API calls 242546->242549 242550 14001eec3 242546->242550 242554 14001eef2 __initmbctable 242546->242554 242547->242540 242547->242542 242548 1400aa360 73 API calls 242547->242548 242548->242540 242549->242550 242551 1400aa360 73 API calls 242550->242551 242550->242554 242552 14001eee6 242551->242552 242553 1400aa420 73 API calls 242552->242553 242552->242554 242553->242554 242554->242458 242556 140020109 242555->242556 242674 1400207f0 FindResourceW 242556->242674 242558 1400201b7 242558->242460 242563 140005684 242559->242563 242560 140005741 242561 140005395 242560->242561 242562 14000574e FindWindowW 242560->242562 242561->242461 242572 140005810 242561->242572 242562->242561 242569 14000573a PostMessageW Sleep IsWindow 242562->242569 242563->242560 242563->242561 242563->242562 242564 1400056de FindWindowW 242563->242564 242564->242560 242568 1400056fa 242564->242568 242566 1400057e1 Sleep 
242566->242561 242567 1400057c7 Sleep IsWindow 242567->242566 242570 1400057a0 242567->242570 242568->242561 242568->242569 242569->242566 242569->242570 242570->242567 242571 140005806 242570->242571 242571->242561 242698 14001efa0 242572->242698 242574 140005820 242575 140005824 242574->242575 242576 140005829 SystemParametersInfoW 242574->242576 242575->242465 242577 140005863 242576->242577 242578 140005844 242576->242578 242580 1400ca9c4 malloc 62 API calls 242577->242580 242581 140005885 _scwprintf 242577->242581 242578->242577 242579 14000584d SystemParametersInfoW 242578->242579 242579->242577 242580->242581 242581->242465 242590 14000cdc3 _wcsupr_s_l _scwprintf 242582->242590 242584 14000d234 242751 14000a820 242584->242751 242585 14000cefe 242585->242584 242588 14000d1d4 UnregisterHotKey 242585->242588 242593 14000d1a0 RegisterHotKey 242585->242593 242813 1400ca93c 62 API calls 2 library calls 242585->242813 242587 14000ce77 UnregisterHotKey 242587->242590 242588->242585 242589 14000d286 242591 1400058cc 242589->242591 242592 14000d298 SetTimer 242589->242592 242590->242585 242590->242587 242812 140006850 62 API calls 242590->242812 242595 14001f780 242591->242595 242592->242591 242593->242585 242596 1400ca9c4 malloc 62 API calls 242595->242596 242597 14001f79e __initmbctable 242596->242597 242598 14001f7ad 242597->242598 242599 14001f7d7 SetTimer 242597->242599 242598->242469 242600 14001f816 GetTickCount 242599->242600 242604 14001f809 242599->242604 242601 14001f871 GetTickCount 242600->242601 242602 14001f84a SetTimer 242600->242602 242820 140032530 242601->242820 242602->242601 242606 14001f920 __initmbctable _RunAllParam 242604->242606 242833 1400cb13c 62 API calls 2 library calls 242604->242833 242609 14001f9ee 242606->242609 242610 14001fa0f 242606->242610 242607 14001f8bb KillTimer 242607->242604 242834 1400b1500 94 API calls 3 library calls 242609->242834 242612 14001fa35 242610->242612 242614 14001fa45 242610->242614 242835 140006090 21 API 
calls 2 library calls 242612->242835 242615 14001fa7c 242614->242615 242617 14001fa90 242614->242617 242622 14001fa0a __initmbctable 242614->242622 242836 1400b1bb0 62 API calls free 242615->242836 242618 14001faef 242617->242618 242617->242622 242624 14001fad2 242617->242624 242619 1400aa420 73 API calls 242618->242619 242619->242622 242620 14001fbfa 242620->242622 242623 1400ca9c4 malloc 62 API calls 242620->242623 242622->242469 242623->242622 242624->242620 242624->242622 242837 1400cb13c 62 API calls 2 library calls 242624->242837 242626 140063e2c GetCurrentDirectoryW 242625->242626 242626->242518 242627->242519 242629 140005dc4 242628->242629 242636 140005a00 __initmbctable 242628->242636 242630 14002e2a0 62 API calls 242629->242630 242632 140005dbd 242630->242632 242632->242530 242633 14002e2a0 62 API calls 242633->242636 242636->242629 242636->242632 242636->242633 242638 1400aa420 73 API calls 242636->242638 242640 1400ca9c4 malloc 62 API calls 242636->242640 242659 1400cafec 89 API calls 4 library calls 242636->242659 242660 1400b1500 94 API calls 3 library calls 242636->242660 242661 140006090 21 API calls 2 library calls 242636->242661 242662 1400b1bb0 62 API calls free 242636->242662 242663 1400cb13c 62 API calls 2 library calls 242636->242663 242638->242636 242640->242636 242642 1400a4e7d _wcsupr_s_l 242641->242642 242643 1400cbd60 73 API calls 242642->242643 242645 1400a4ef9 242643->242645 242644 1400055f6 242644->242524 242647 1400b1880 242644->242647 242645->242644 242664 1400a5300 119 API calls 2 library calls 242645->242664 242648 1400b1896 242647->242648 242649 1400b190d 242648->242649 242665 1400cb13c 62 API calls 2 library calls 242648->242665 242649->242536 242652 1400ae4a0 _wcsupr_s_l 242651->242652 242653 1400ae4bc __initmbctable 242652->242653 242666 1400ae280 242652->242666 242653->242543 242655->242525 242656->242525 242657->242530 242658->242526 242659->242636 242660->242636 242661->242636 242662->242636 242663->242636 242664->242644 
242665->242649 242668 1400ae2a3 __initmbctable 242666->242668 242667 1400ae3fb 242670 1400ae401 FindFirstFileW 242667->242670 242673 1400ae2fa __initmbctable 242667->242673 242668->242667 242669 1400ae380 FindFirstFileW 242668->242669 242668->242673 242672 1400ae39e FindClose 242669->242672 242669->242673 242671 1400ae419 FindClose 242670->242671 242670->242673 242671->242673 242672->242668 242672->242673 242673->242653 242675 140020901 242674->242675 242676 14002083c SizeofResource 242674->242676 242675->242558 242676->242675 242677 140020853 LoadResource 242676->242677 242677->242675 242678 140020867 LockResource 242677->242678 242678->242675 242679 14002087e 242678->242679 242680 1400cbd60 73 API calls 242679->242680 242681 140020888 242680->242681 242684 140020895 242681->242684 242693 14001e4d0 GetCPInfo 242681->242693 242683 1400208d8 242683->242558 242684->242683 242686 1400aab90 242684->242686 242687 1400aabbb GetCPInfo 242686->242687 242688 1400aabd0 242686->242688 242687->242688 242690 1400aac85 242688->242690 242691 1400aac07 242688->242691 242694 1400aa8e0 242688->242694 242690->242683 242691->242690 242692 1400aac77 GetCPInfo 242691->242692 242692->242690 242693->242684 242695 1400aa8f9 242694->242695 242697 1400aa900 242694->242697 242696 1400ca9c4 malloc 62 API calls 242695->242696 242696->242697 242697->242691 242699 14001f413 242698->242699 242700 14001efbe _scwprintf 242698->242700 242699->242574 242700->242699 242727 1400af3c0 242700->242727 242703 1400af3c0 13 API calls 242704 14001f055 LoadCursorW RegisterClassExW 242703->242704 242705 14001f0b0 RegisterClassExW 242704->242705 242711 14001f0d7 242704->242711 242706 14001f0fb GetForegroundWindow 242705->242706 242705->242711 242707 14001f13d CreateWindowExW 242706->242707 242708 14001f10e GetClassNameW 242706->242708 242707->242711 242712 14001f1bb 242707->242712 242708->242707 242710 14001f129 242708->242710 242747 1400ca93c 62 API calls 2 library calls 242710->242747 242711->242574 242714 
14001f201 CreateWindowExW 242712->242714 242715 14001f1c4 GetMenu EnableMenuItem 242712->242715 242714->242711 242718 14001f298 9 API calls 242714->242718 242716 14001f1fa 242715->242716 242717 14001f1ed 242715->242717 242716->242714 242748 14001f510 EnableMenuItem EnableMenuItem EnableMenuItem EnableMenuItem 242717->242748 242720 14001f3c3 LoadAcceleratorsW 242718->242720 242721 14001f39d ShowWindow SetWindowLongW 242718->242721 242722 14001f3ee 242720->242722 242723 14001f3e5 242720->242723 242721->242720 242749 14001f570 Shell_NotifyIconW wcsncpy _scwprintf 242722->242749 242723->242711 242725 14001f3ff 242723->242725 242750 14001f420 PostMessageW SetClipboardViewer ChangeClipboardChain 242725->242750 242728 1400af3ed LoadLibraryExW 242727->242728 242729 1400af3fe 242727->242729 242728->242729 242730 1400af5b1 242729->242730 242731 1400af42e EnumResourceNamesW 242729->242731 242732 1400af422 242729->242732 242733 1400af5e2 ExtractIconW 242730->242733 242734 14001f02c GetSystemMetrics 242730->242734 242731->242732 242735 1400af46f FindResourceW 242732->242735 242736 1400af597 242732->242736 242733->242734 242734->242703 242735->242736 242737 1400af487 LoadResource 242735->242737 242736->242730 242738 1400af5bb FreeLibrary 242736->242738 242737->242736 242739 1400af49c LockResource 242737->242739 242738->242730 242739->242736 242740 1400af4b1 242739->242740 242741 1400af4bc GetSystemMetrics 242740->242741 242742 1400af4c7 242740->242742 242741->242742 242742->242736 242743 1400af529 FindResourceW 242742->242743 242743->242736 242744 1400af543 LoadResource 242743->242744 242744->242736 242745 1400af554 LockResource 242744->242745 242745->242736 242746 1400af565 SizeofResource CreateIconFromResourceEx 242745->242746 242746->242736 242747->242707 242749->242723 242750->242711 242752 14000a857 242751->242752 242753 14000a9e8 242751->242753 242754 14000a883 242752->242754 242782 14000b922 242752->242782 242766 14000ab64 242753->242766 242776 1400ca9c4 malloc 62 API 
calls 242753->242776 242796 14000aa85 _scwprintf 242753->242796 242755 14000a890 PostThreadMessageW 242754->242755 242756 14000a8bb GetTickCount 242755->242756 242757 14000a8ab Sleep 242755->242757 242758 14000a8d0 GetExitCodeThread 242756->242758 242757->242755 242757->242756 242759 14000a8f2 GetTickCount 242758->242759 242760 14000a90b CloseHandle 242758->242760 242761 14000a901 Sleep 242759->242761 242762 14000a924 242759->242762 242814 14000c140 62 API calls free 242760->242814 242761->242758 242764 14000a94c 242762->242764 242765 14000a92d 242762->242765 242768 14000a965 242764->242768 242769 14000a951 CloseHandle 242764->242769 242767 14000a932 CreateMutexW 242765->242767 242765->242768 242770 14000c1b9 242766->242770 242819 1400cb13c 62 API calls 2 library calls 242766->242819 242767->242768 242771 14000a98e 242768->242771 242772 14000a96e 242768->242772 242769->242768 242770->242589 242775 14000a994 CloseHandle 242771->242775 242777 14000a9a8 242771->242777 242774 14000a974 CreateMutexW 242772->242774 242772->242777 242774->242777 242775->242777 242778 14000aa72 242776->242778 242777->242589 242777->242782 242778->242766 242778->242796 242779 14000afdb 242811 14000b009 242779->242811 242816 1400cb780 62 API calls _errno 242779->242816 242782->242589 242783 14000b7d6 CreateThread 242785 14000b80e SetThreadPriority 242783->242785 242791 14000b8ad 242783->242791 242784 14000b81c 242786 14000b823 PostThreadMessageW 242784->242786 242785->242784 242787 14000b84e GetTickCount 242786->242787 242788 14000b83e Sleep 242786->242788 242794 14000b860 242787->242794 242788->242786 242788->242787 242789 14000b869 PeekMessageW 242792 14000b950 GetTickCount 242789->242792 242789->242794 242790 14000b92e GetExitCodeThread 242790->242792 242793 14000b970 CloseHandle 242790->242793 242791->242782 242817 1400cb13c 62 API calls 2 library calls 242791->242817 242795 14000b9fc 242792->242795 242797 14000b963 Sleep 242792->242797 242808 14000b990 242793->242808 242794->242789 
242794->242790 242794->242795 242798 14000ba25 242795->242798 242799 14000ba06 242795->242799 242796->242779 242796->242811 242815 140006850 62 API calls 242796->242815 242797->242794 242802 14000ba3e 242798->242802 242803 14000ba2a CloseHandle 242798->242803 242801 14000ba0b CreateMutexExW 242799->242801 242799->242802 242801->242802 242804 14000ba68 242802->242804 242805 14000ba48 242802->242805 242803->242802 242804->242782 242807 14000ba6e CloseHandle 242804->242807 242805->242782 242806 14000ba4e CreateMutexW 242805->242806 242806->242782 242807->242782 242808->242795 242818 1400cb13c 62 API calls 2 library calls 242808->242818 242810 14000b9f5 242810->242795 242811->242782 242811->242783 242811->242784 242812->242590 242813->242585 242814->242762 242815->242796 242816->242811 242817->242782 242818->242810 242819->242770 242821 14001f8a9 242820->242821 242822 1400325ad 242820->242822 242821->242604 242821->242607 242823 140032611 GetTickCount 242822->242823 242824 1400325ea GlobalUnlock 242822->242824 242825 1400325fe CloseClipboard 242822->242825 242826 140032630 PeekMessageW 242823->242826 242832 14003264f 242823->242832 242824->242825 242825->242823 242827 140032659 GetTickCount 242826->242827 242826->242832 242827->242832 242828 140032721 GetTickCount 242828->242832 242830 140038ad5 242830->242821 242831 140032530 165 API calls 242831->242832 242832->242821 242832->242822 242832->242827 242832->242828 242832->242830 242832->242831 242838 14008a1c0 171 API calls 3 library calls 242832->242838 242833->242606 242834->242622 242835->242622 242836->242622 242837->242620 242838->242832

        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        • Associated: 00000000.00000002.3395001386.0000000140000000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395079548.00000001400E0000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395079548.00000001400F2000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395118774.0000000140112000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395118774.000000014011B000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395147142.000000014011F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395163641.0000000140127000.00000010.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395176494.000000014012A000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageRegisterWindow
        • String ID: $TaskbarCreated
        • API String ID: 1814269913-2756569325
        • Opcode ID: 94e4697f1b54d3e95581d5b80e8b9b15aa115fc46969299653cc422c9fd158ea
        • Instruction ID: 3d2a4659ac04b8fd781bf1f1e5821c7e0ff0b23da157bbf93be823c0ca50bb91
        • Opcode Fuzzy Hash: 94e4697f1b54d3e95581d5b80e8b9b15aa115fc46969299653cc422c9fd158ea
        • Instruction Fuzzy Hash: 32227B352046408AEB6ACF67E4447EA77A1F78CBD4F544125EB8A57BB4DF3AD884CB00
        Similarity
        • API ID: CloseHandle$CountCreateMutexSleepThreadTick$CodeExitMessagePostmalloc
        • String ID: 2$AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
        • API String ID: 2185308758-62447575
        • Opcode ID: 4bfda9af8a9896fb664633e2ac2c58b683d106673624f1363ec0ac702c0586c6
        • Instruction ID: ebd41942e90c014abbbfa1dfacde388b2bc72a789e1f70ae703de7455ece9b52
        • Opcode Fuzzy Hash: 4bfda9af8a9896fb664633e2ac2c58b683d106673624f1363ec0ac702c0586c6
        • Instruction Fuzzy Hash: 6EB29BB2214A8085F76ACB26E4143F93BA0F75EB94F484126EB990B7F2DB7DC594C311

        Similarity
        • API ID: Resource$Window$Load$Create$ClassShow$FindLockMenuMessageMetricsRegisterSendSystem$AcceleratorsCapsCursorDeviceEnableEnumFontForegroundFromIconItemLibraryLongNameNamesReleaseSizeof
        • String ID: AutoHotkey$AutoHotkey2$Consolas$CreateWindow$Lucida Console$P$RegClass$Shell_TrayWnd$edit
        • API String ID: 221421807-2636979444
        • Opcode ID: 9f0a374761176a418978be3c1379a1759a994d3ef96bc3faca75ebb80cc0896e
        • Instruction ID: 968f40cefe4a0f8d73f4e9c232b4fcd87372d36ebbf80ff45b512957cacca498
        • Opcode Fuzzy Hash: 9f0a374761176a418978be3c1379a1759a994d3ef96bc3faca75ebb80cc0896e
        • Instruction Fuzzy Hash: 76C16A35218B8182E7629F22F8547EA73A4F78DB94F540119EB895BBB8DF3DC485CB40
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessageTimerUnlock
        • String ID: #32770
        • API String ID: 1115112458-463685578
        • Opcode ID: 053d57a55ae809349e8037f561e1ef5e31ca59676e365c3c37fe4c9ca857211b
        • Instruction ID: 16e9fd3f2d3deeb1c89529255d5b1a4cf61a1ee717150be675451d4bc97e3919
        • Opcode Fuzzy Hash: 053d57a55ae809349e8037f561e1ef5e31ca59676e365c3c37fe4c9ca857211b
        • Instruction Fuzzy Hash: E2528FB220468086FB67CB27F8503E93BA1F78DBD8F584115EB4A17AB5DB78C981C740
        Similarity
        • API ID: CountTick$Windowwcsncpy$Message$ClassCurrentDialogDirectoryDragFinishForegroundNameProcessShowThread
        • String ID: #32770
        • API String ID: 1745663375-463685578
        • Opcode ID: fbe917881213136dd4fb58954175c1f166627a5a69082d15888b119d7f3c9d24
        • Instruction ID: ac4c83e85054edae261d361d87cebb4de6b7dce580e82fabf61456b9cdbc042f
        • Opcode Fuzzy Hash: fbe917881213136dd4fb58954175c1f166627a5a69082d15888b119d7f3c9d24
        • Instruction Fuzzy Hash: 32229FB2605A908AFB66CF27B8507EA37A4F78DBD8F544115EB4A17BB4DB34C881C710

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 140081f80-140081fb4; API calls: CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        • Associated: 00000000.00000002.3395001386.0000000140000000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395079548.00000001400E0000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395079548.00000001400F2000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395118774.0000000140112000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395118774.000000014011B000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395147142.000000014011F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395163641.0000000140127000.00000010.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395176494.000000014012A000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CloseHandleProcess32$Next$CreateFirstSnapshotToolhelp32_wcstoi64
        • String ID: $.
        • API String ID: 3074079693-3929174939

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 14004e3cb-14004e3f5; API calls: GetCurrentProcessId, OpenProcess, SetPriorityClass, CloseHandle
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32freemalloc
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 2256640844-457448710

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 1400207f0-140020836; API calls: FindResourceW, SizeofResource, LoadResource, LockResource
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Resource$FindInfoLoadLockSizeofmalloc
        • String ID: >AUTOHOTKEY SCRIPT<$Could not extract script from EXE.
        • API String ID: 3366556718-1775548002
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Find$CloseFileFirst
        • String ID:
        • API String ID: 2295610775-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Heap$CreateInformationVersion
        • String ID:
        • API String ID: 3563531100-0

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 140005660-140005682; API calls: FindWindowW, PostMessageW, Sleep, IsWindow
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Window$Sleep$Find$MessagePost
        • String ID: An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta$AutoHotkey$Could not close the previous instance of this script. Keep waiting?$d
        • API String ID: 1104075879-823662016

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 1400af3c0-1400af3eb; API calls: LoadLibraryExW, EnumResourceNamesW, ExtractIconW, FindResourceW, LoadResource, FreeLibrary, LockResource, GetSystemMetrics, SizeofResource, CreateIconFromResourceEx
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Resource$Load$FindIconLock$CreateEnumExtractFromLibraryMetricsNamesSizeofSystem
        • String ID:
        • API String ID: 1568753105-0

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 14001f780-14001f7ab; API calls: SetTimer, GetTickCount, KillTimer
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _errno$AllocHeapTimer_callnewhfreemalloc
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 3883470740-457448710

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _amsg_exit$CommandInfoInitializeLineStartup__wsetargv_cinit_wwincmdln
        • String ID:
        • API String ID: 697445056-0
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Window$ClassCurrentDialogDirectoryDragFinishForegroundMessageNameProcessThread
        • String ID: #32770
        • API String ID: 3456408793-463685578

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph (graph image not preserved; node and edge list omitted): first block 1400053c0-1400053e2; API calls: GetModuleFileNameW
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        • Associated: 00000000.00000002.3395001386.0000000140000000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395079548.00000001400E0000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395079548.00000001400F2000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395118774.0000000140112000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395118774.000000014011B000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395147142.000000014011F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395163641.0000000140127000.00000010.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.3395176494.000000014012A000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _errno_invalid_parameter_noinfo$wcsncpy
        • String ID: /ErrorStdOut$/force$/restart$=$A_Args$Out of memory.
        • API String ID: 3818259516-673611611
        • Opcode ID: 30ee42c29ee8abd73bc7f287809120eae1f3a325f3f8523a907cf8667fa0fe56
        • Instruction ID: df151bc6e530dde0a0f471a7549e07a4e02559e32d04c0a7d5ab0e679c69e57f
        • Opcode Fuzzy Hash: 30ee42c29ee8abd73bc7f287809120eae1f3a325f3f8523a907cf8667fa0fe56
        • Instruction Fuzzy Hash: 6ED1DF72205B8181EA26DB26F8403EF63A1F78D7D8F840215BB4D4B6E9EF79C549C700

        Control-flow Graph

        [Figure: control-flow graph; blocks marked Executed / Not Executed. Named API calls in the graph: GetMessageW, UnhookWindowsHookEx, GetLastError, SetWindowsHookExW, PostThreadMessageW]
        APIs
        Similarity
        • API ID: HookWindows$ErrorLastMessageUnhook$PostThread
        • String ID:
        • API String ID: 2811735471-0
        • Opcode ID: 16d4d3f01b71a8e01d453e2e6db01f33a87422ac06e8696e7cc018ab576d6605
        • Instruction ID: 2e36ca43ca18cf0ac84042a4cd25ea91332eaf64369059a0fe9feacd8af26c6f
        • Opcode Fuzzy Hash: 16d4d3f01b71a8e01d453e2e6db01f33a87422ac06e8696e7cc018ab576d6605
        • Instruction Fuzzy Hash: AC41DFB1105B4981FAA7DB23F894BE9A3D0E75DBD0F080026FB554BAB4EF38C8818741

        Control-flow Graph

        [Figure: control-flow graph; blocks marked Executed / Not Executed. No named API calls appear in the graph.]
        Strings
        Similarity
        • API ID:
        • String ID: ErrorLevel$Illegal parameter name.$Out of memory.$The following %s name contains an illegal character:"%-1.300s"$_$#@$variable
        • API String ID: 0-1002950332
        • Opcode ID: 4a253c4075ca4afc0b89e78d4de4a40da552ec100a64879d0995958056df1955
        • Instruction ID: e20ac4bb486f400e216ba22a444663530b03c3c63c8afc318dcf4ca588859b31
        • Opcode Fuzzy Hash: 4a253c4075ca4afc0b89e78d4de4a40da552ec100a64879d0995958056df1955
        • Instruction Fuzzy Hash: E3C18D32205BC586EBA69B16E0403D963A1F78DBD4F54012AEB8D07BB9EF39C995C740

        Control-flow Graph

        [Figure: control-flow graph; blocks marked Executed / Not Executed. Named API calls in the graph: InitializeCriticalSection, OleInitialize]
        APIs
        Strings
        Similarity
        • API ID: Initialize$CriticalSectionmalloc
        • String ID: A_Clipboard$Clipboard$No tray mem$Tray
        • API String ID: 2052168798-66866361
        • Opcode ID: ed2499b9edc8328269fbca50d421fff63701b1881e1851b1e7a3dc92aee2b278
        • Instruction ID: 34c4ee07c10a01aecee0d8bc948f6e5a51b5fd2068c90f0e7f9a28d9235baf38
        • Opcode Fuzzy Hash: ed2499b9edc8328269fbca50d421fff63701b1881e1851b1e7a3dc92aee2b278
        • Instruction Fuzzy Hash: 78B1F271104B4485FB1B8B57BD80BC9B7E8BB6CB98F58021ADB890BBB1DB78C554C740
        APIs
        Strings
        Similarity
        • API ID: Window$ClassCurrentDialogDirectoryForegroundMessageNameProcessThread
        • String ID: #32770
        • API String ID: 2633243691-463685578
        • Opcode ID: 39f3f6b2c820b2adc62ec0c46248f4b1bb58d213936c8f867b0529768ee1e0a8
        • Instruction ID: 2df3fe5cf134a09a3c39c27088c360e089d1495c2714eb68477407849d860956
        • Opcode Fuzzy Hash: 39f3f6b2c820b2adc62ec0c46248f4b1bb58d213936c8f867b0529768ee1e0a8
        • Instruction Fuzzy Hash: 343145B1205B4586FB67CB16F9443E837A0A74DB98F180026EB0A276B4DF78D989C641
        APIs
        Similarity
        • API ID: Thread$Message$CountCreatePeekPostPrioritySleepTick
        • String ID:
        • API String ID: 2785037528-0
        • Opcode ID: 6f2903994f9f0dd071cb65601b94e17217e65a96a21375288ae1fb37526dfa2d
        • Instruction ID: 0ba042fe028a092e18cc6b09935748a84d61711e1a6cb0792fc9e4c8f37b989b
        • Opcode Fuzzy Hash: 6f2903994f9f0dd071cb65601b94e17217e65a96a21375288ae1fb37526dfa2d
        • Instruction Fuzzy Hash: 2891AFB261479581E7AACB07E0507FA37A4FB5DB95F848122EB49077B1DB3DC8A4D310
        APIs
        Similarity
        • API ID: Thread$Message$CountCreatePeekPostPrioritySleepTick
        • String ID:
        • API String ID: 2785037528-0
        • Opcode ID: eb8891a3af8560fa8eee4a6e94b86ffb8101f849493c6342d1562406fb7e3f63
        • Instruction ID: 19b65fbb63ceac6258a053ee7b8882423f92cdae53e3f65395be620b60548393
        • Opcode Fuzzy Hash: eb8891a3af8560fa8eee4a6e94b86ffb8101f849493c6342d1562406fb7e3f63
        • Instruction Fuzzy Hash: D591BEB261479581E7AACB07E0507FA37A4FB5DB94F848122EB89077B1DB3CC8A4D310
        APIs
        Similarity
        • API ID: Thread$Message$CountCreatePeekPostPrioritySleepTick
        • String ID:
        • API String ID: 2785037528-0
        • Opcode ID: 3668caed14cebb90389da379cf07514920ee0517db728a7c123ceef38ad945e7
        • Instruction ID: ac9088f559e68c99835174571333dc1872e99b82857aeb2c91a9fa042a092975
        • Opcode Fuzzy Hash: 3668caed14cebb90389da379cf07514920ee0517db728a7c123ceef38ad945e7
        • Instruction Fuzzy Hash: 2A91AEB261479581E7AACB07E0507FA37A4FB5DB94F848122EB89077B1DB3DC8A4D310

        Control-flow Graph

        [Figure: control-flow graph; blocks marked Executed / Not Executed. Named API calls in the graph: GetTickCount, PeekMessageW, GlobalUnlock, CloseClipboard]
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 32c4a221dbbddeb90f78db417bacdbfc2be93c834418e794d7a2c37c98ac6879
        • Instruction ID: a2fbf90fff0e3be7ab64733bd63c16797d57b2a71fd77f5f22b8deaea7f4c573
        • Opcode Fuzzy Hash: 32c4a221dbbddeb90f78db417bacdbfc2be93c834418e794d7a2c37c98ac6879
        • Instruction Fuzzy Hash: AB917D32605B4486FB6B8B27E9847EA37A1F74DBE4F540116EB5A876F5CB38C881C740

        Control-flow Graph

        [Figure: control-flow graph; blocks marked Executed / Not Executed. Named API calls in the graph: GetCurrentProcessId, EnumWindows, CloseClipboard, GlobalUnlock, SetTimer]
        APIs
        Similarity
        • API ID: ClipboardCloseCurrentEnumGlobalProcessTimerUnlockWindows
        • String ID:
        • API String ID: 555064778-0
        • Opcode ID: b3aa6cb8a8f5b3ded0d6dcd204e045097ae81de683c751879e1074c6204f0191
        • Instruction ID: 1aa1a896c3b13dfc405faa8ba5e5f1160fa57b842e8c45d78e90df4c3ad6bb2a
        • Opcode Fuzzy Hash: b3aa6cb8a8f5b3ded0d6dcd204e045097ae81de683c751879e1074c6204f0191
        • Instruction Fuzzy Hash: 0621F336205B8685EB56CF62E8807D973A4F74CBE4F584026EB4967634DE78C885CB40
        APIs
        Similarity
        • API ID: Unregister$RegisterTimer
        • String ID:
        • API String ID: 1006365865-0
        • Opcode ID: 1a3cb21ec15428c6f4588a15878fa62b0b7a0eac8c9de4d73d5138e3bfe7ad8b
        • Instruction ID: a3b69c14189f9f8b403d18b09b6e2fe1963c99262312e42ede6895cc9cc4e967
        • Opcode Fuzzy Hash: 1a3cb21ec15428c6f4588a15878fa62b0b7a0eac8c9de4d73d5138e3bfe7ad8b
        • Instruction Fuzzy Hash: CA02CFB25156C495FB67CB23A4007E93BE1A31DBD8F08411BEB99076F2C739C999D322
        APIs
        Similarity
        • API ID: System$ClassInfoParametersRegister$CursorLoadMetricsmalloc
        • String ID:
        • API String ID: 2336117585-0
        • Opcode ID: adeeed114d63920d911f1c57e51d90b0419fcba936161dfe887f5c35c37e2175
        • Instruction ID: aa6dd1fc03d2a4c48dc0af4e102b70f09245cbb967c09fcaf673b4fba339693a
        • Opcode Fuzzy Hash: adeeed114d63920d911f1c57e51d90b0419fcba936161dfe887f5c35c37e2175
        • Instruction Fuzzy Hash: D7015E70B0474081FB5AEB57B8957D66291ABCDB85F8C8039AF4C5B6F1EE3CC5858710
        APIs
        Similarity
        • API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32
        • String ID:
        • API String ID: 1771318894-0
        • Opcode ID: ef9edbf377b2a7e840aff60de5adf9dbd7feb1d909d8ca876a573373a60b7605
        • Instruction ID: 22852bffbe32204ec63ac2b8123a67d6999aa8dde5f465185d5f597d01fc84a2
        • Opcode Fuzzy Hash: ef9edbf377b2a7e840aff60de5adf9dbd7feb1d909d8ca876a573373a60b7605
        • Instruction Fuzzy Hash: 0EF0AF72B0064082FB139B6BA4183E912C1ABCDBE1F494031AF09473B1EE38C8868254
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32
        • String ID:
        • API String ID: 1771318894-0
        • Opcode ID: 829747cd70cd14996132b1a41e8b31b91bc1ca2e923c335aa63b5f1ae09952db
        • Instruction ID: 97446a14954eb81cfb5d31a3bc8f7032dad3a6429b7651870dff7d1687a30977
        • Opcode Fuzzy Hash: 829747cd70cd14996132b1a41e8b31b91bc1ca2e923c335aa63b5f1ae09952db
        • Instruction Fuzzy Hash: 0FF04F72B0164082FB179B6BA4583E912C1ABCDBE1F494135AF09473B5EE78C8868755
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32
        • String ID:
        • API String ID: 1771318894-0
        • Opcode ID: 7bc28cbb1aa2dc1b34b64ab0a1e17be295b47b07b2ae33ddfedccb265c5af020
        • Instruction ID: cb3374f4a5296659f8141f99a3e3a60566b93ec14164019558d3a217bdedb968
        • Opcode Fuzzy Hash: 7bc28cbb1aa2dc1b34b64ab0a1e17be295b47b07b2ae33ddfedccb265c5af020
        • Instruction Fuzzy Hash: 76F04F72B0164082FB179B6BA4583E912C1ABCDBE1F494135AF09473B5EE78C8868655
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32
        • String ID:
        • API String ID: 1771318894-0
        • Opcode ID: 9f7139f11e06a6345e544bf262a077ee3d70ffd5ff0a43ef230029bd4e193804
        • Instruction ID: 9e6652d27a0b8c89e48e43d5dfa14592c95d0e39f5d4b2e24a50f057e2a3f813
        • Opcode Fuzzy Hash: 9f7139f11e06a6345e544bf262a077ee3d70ffd5ff0a43ef230029bd4e193804
        • Instruction Fuzzy Hash: 28F0C232B0064083FB139B7BA4583E912C1ABCDBE1F494035AF05473B1EE38C8868350
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32
        • String ID:
        • API String ID: 1771318894-0
        • Opcode ID: 14958583bcd16c9cd936544688cd73251a04f4824191377e74294f93251e4b9c
        • Instruction ID: 2ee11113112613932fc6b43a36abc71ec63443c92b1d68fd3aa7e46580b46165
        • Opcode Fuzzy Hash: 14958583bcd16c9cd936544688cd73251a04f4824191377e74294f93251e4b9c
        • Instruction Fuzzy Hash: 07F04F72B0164042FB079B6BA4583E912C16BCDBE1F494135AF09473B5EE78C8868250
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: FindWindow
        • String ID: #32771
        • API String ID: 134000473-1822717788
        • Opcode ID: c6008a0b0e0e542c63bdf14c3264bed1d516f3078ff36275700f98caa614bba4
        • Instruction ID: 23a10c22c2ecffa83aee5b63840c17901200db1134498e78a575db741932760d
        • Opcode Fuzzy Hash: c6008a0b0e0e542c63bdf14c3264bed1d516f3078ff36275700f98caa614bba4
        • Instruction Fuzzy Hash: 2A6124725263C0C5E717CF1AE468BD97BA5FB2D780F89802AEB48473B6E73A8045C715
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Info
        • String ID:
        • API String ID: 1807457897-0
        • Opcode ID: 1a90680036c19e922d6c52027731fdc606d85e7d379e83badf0b7055807d3c2c
        • Instruction ID: e81c79421bb14a7be2457c43d923f3a937507750e9e2d4301a6a03fade4ed29e
        • Opcode Fuzzy Hash: 1a90680036c19e922d6c52027731fdc606d85e7d379e83badf0b7055807d3c2c
        • Instruction Fuzzy Hash: 82415D72604B4086FB668F26E45439977A1E7AEBE4F488215EB45077E8CB3DC881CB41
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Message$Post$SendTimeout$ProcWindow
        • String ID:
        • API String ID: 2617672042-0
        • Opcode ID: 452e0cbbef118e0098b41bc898a5ecd7b5c503e8964b8024d1a303133481c515
        • Instruction ID: dbf8fa8167f1aa047b5a89bb4eea0efaf6aafdde3deddb13f6630b496da13ff6
        • Opcode Fuzzy Hash: 452e0cbbef118e0098b41bc898a5ecd7b5c503e8964b8024d1a303133481c515
        • Instruction Fuzzy Hash: AA11A03131028085EFB6CB3794047EA2391E74CBD8F584912EF09277B0CE3AC842C700
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: FocusProcWindow
        • String ID:
        • API String ID: 1691694861-0
        • Opcode ID: 7f6fdec764571e86f1907e6865b635a467b3a95f3365bcbffd90c40c78c863ad
        • Instruction ID: 43be29760b6003af43ff3aabb428fde74b4e2e7218dfc3684602e9a5ca2171b3
        • Opcode Fuzzy Hash: 7f6fdec764571e86f1907e6865b635a467b3a95f3365bcbffd90c40c78c863ad
        • Instruction Fuzzy Hash: 8CF0E536220A84C9D6A6CB53A8083DA7325F78DFE8F984452DF4967778CE39C886C740
        APIs
        • SetErrorMode.KERNELBASE ref: 0000000140005310
          • Part of subcall function 0000000140063E20: GetCurrentDirectoryW.KERNEL32(?,000000014000531D), ref: 0000000140063E3C
          • Part of subcall function 0000000140005660: FindWindowW.USER32 ref: 00000001400056EC
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CurrentDirectoryErrorFindModeWindow
        • String ID:
        • API String ID: 2401824476-0
        • Opcode ID: 8e5bb56eea2d6c595b5c99b0194fd3963056dda9a204920914395c88226d3757
        • Instruction ID: a767f65e330600fcd84777f9cc0cdf34d132e03d461d7ff85166b88e96f2a39c
        • Opcode Fuzzy Hash: 8e5bb56eea2d6c595b5c99b0194fd3963056dda9a204920914395c88226d3757
        • Instruction Fuzzy Hash: 4C3191B1A1160481FB5BFB23B8553EB22D1AB4E7E1F800525B72A8B2F1EE7CC5848310
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Message$PostSendTimeout$ProcWindow
        • String ID:
        • API String ID: 2241355032-0
        • Opcode ID: 52b3c87fc0582bffd949f044ad4d3b2e21c1a90051e58b688e997ea240a15d43
        • Instruction ID: e8bd0f09ae92e8976c601995abb46682831f5666f2fb82043f7a4eea84b7b487
        • Opcode Fuzzy Hash: 52b3c87fc0582bffd949f044ad4d3b2e21c1a90051e58b688e997ea240a15d43
        • Instruction Fuzzy Hash: 19F08C3160468089EABBDB23A9047EA6354F75DBE4F880552EF49177B8CE39C882C701
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Message$PostSendTimeout$ProcWindow
        • String ID:
        • API String ID: 2241355032-0
        • Opcode ID: 73769f3404a28d8316fd93cc677cfca1075c57be5523aa1eb7f863a1f34821c0
        • Instruction ID: 51854d67a934218697dbb0bed4505ae7712fb3b0623df01f16fe71c5103f5623
        • Opcode Fuzzy Hash: 73769f3404a28d8316fd93cc677cfca1075c57be5523aa1eb7f863a1f34821c0
        • Instruction Fuzzy Hash: 0FF0E231220A8094EBA2DB33A8083E63311F74CBF4F880202EF59537B4CE35C482C700
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Message$PostSendTimeout$DrawIconProcWindow
        • String ID:
        • API String ID: 2027319081-0
        • Opcode ID: 08578b2a9eee807a6cd43f69dd54896c4b6916bfde4dd0ba2f78ade3ed896f34
        • Instruction ID: 1af1e95ca84cacf10ff083a3b160eb6954cdc5e7fa65472f6dec53d82aed3348
        • Opcode Fuzzy Hash: 08578b2a9eee807a6cd43f69dd54896c4b6916bfde4dd0ba2f78ade3ed896f34
        • Instruction Fuzzy Hash: 4AF0A03170468089EABBDB23A9047E66354F75CFE4F880552EF48177B8DE39C882C701
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ProcWindow
        • String ID:
        • API String ID: 181713994-0
        • Opcode ID: a1a2dc6b5c5f2252d2a6f71790d7efdfbdae763811175e89f4c7e69d753ad5bf
        • Instruction ID: 09ac8345ab926d3f659aa5b10624fa1af9c94c2182bb39313a7b5bdfb659d8d7
        • Opcode Fuzzy Hash: a1a2dc6b5c5f2252d2a6f71790d7efdfbdae763811175e89f4c7e69d753ad5bf
        • Instruction Fuzzy Hash: 10F0A936220A84D5D6A2DB12E4087DA2321F78CBE8F844412DF4813738CE34C88ACB40
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CountMessagePostTick
        • String ID:
        • API String ID: 1233319983-0
        • Opcode ID: 559b25f915f190700bafda9ec81ed6373ac053419a0defaa4b3700ea00f2d7c2
        • Instruction ID: dbf9eac6577d8fa7336361ee20d3d890234e70cc5ed3963604f3a4ff82f5720a
        • Opcode Fuzzy Hash: 559b25f915f190700bafda9ec81ed6373ac053419a0defaa4b3700ea00f2d7c2
        • Instruction Fuzzy Hash: 00E08636314AC1C4D7A2CB63A4043DA5315F74CFD4F984052EF8963765DE35D846C300
        APIs
        • malloc.LIBCMT ref: 00000001400AA8FB
          • Part of subcall function 00000001400CA9C4: _FF_MSGBANNER.LIBCMT ref: 00000001400CA9F4
          • Part of subcall function 00000001400CA9C4: HeapAlloc.KERNEL32(?,?,00000000,00000001400D0AC0,?,?,00000000,00000001400CF2FD,?,?,?,00000001400CF3A7,?,?,00000000,00000001400CE795), ref: 00000001400CAA19
          • Part of subcall function 00000001400CA9C4: _callnewh.LIBCMT ref: 00000001400CAA32
          • Part of subcall function 00000001400CA9C4: _errno.LIBCMT ref: 00000001400CAA3D
          • Part of subcall function 00000001400CA9C4: _errno.LIBCMT ref: 00000001400CAA48
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno$AllocHeap_callnewhmalloc
        • String ID:
        • API String ID: 908589684-0
        • Opcode ID: e8415347e7a035ba761bbc2622fb1c7cb660b6b0b126d0e4fd6f6fb66c3e52f0
        • Instruction ID: c81b00bb37ac1c51701ff997527113ff163bba93f9151a614237ab336f08699d
        • Opcode Fuzzy Hash: e8415347e7a035ba761bbc2622fb1c7cb660b6b0b126d0e4fd6f6fb66c3e52f0
        • Instruction Fuzzy Hash: 70F0813270464086EF95CF2AE08436D23A1E79CB98F195125EB4D47399DB38C8C1CB00
        APIs
        • malloc.LIBCMT ref: 00000001400AA4D5
          • Part of subcall function 00000001400CA9C4: _FF_MSGBANNER.LIBCMT ref: 00000001400CA9F4
          • Part of subcall function 00000001400CA9C4: HeapAlloc.KERNEL32(?,?,00000000,00000001400D0AC0,?,?,00000000,00000001400CF2FD,?,?,?,00000001400CF3A7,?,?,00000000,00000001400CE795), ref: 00000001400CAA19
          • Part of subcall function 00000001400CA9C4: _callnewh.LIBCMT ref: 00000001400CAA32
          • Part of subcall function 00000001400CA9C4: _errno.LIBCMT ref: 00000001400CAA3D
          • Part of subcall function 00000001400CA9C4: _errno.LIBCMT ref: 00000001400CAA48
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errnomalloc$AllocHeap_callnewh
        • String ID:
        • API String ID: 3069281513-0
        • Opcode ID: dce769f4384ba7f9329884e7849865cb8c0fa210c1ebbf421af3de28cba1bde4
        • Instruction ID: cc2869e1643afeacdc4934b6a57c6d6c748a122b421dba749d8fb7c5255d004d
        • Opcode Fuzzy Hash: dce769f4384ba7f9329884e7849865cb8c0fa210c1ebbf421af3de28cba1bde4
        • Instruction Fuzzy Hash: D3F01531642B0481EB5F9B67A4653A822D0EB9DB84F081528BF890B3E2EF7C84E18750
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Thread$CountTickWindow$Process$AsyncCloseHandleInputState$AddressAttachBlockCreateCurrentErrorForegroundFreeInfoKeyboardLastLayoutLibraryMessageMutexPeekProc_errno_invalid_parameter_noinfo
        • String ID: AHK Keybd$KbdLayerDescriptor$^+!#{}${Blind}${Click${Text}
        • API String ID: 4276635616-2714328142
        • Opcode ID: 59a7694801dc7813bc4d93d965764625739caa19ed8db1c2fdb9cad20351eab2
        • Instruction ID: 0860cf20998349ac46e59709059a1ad11ae8c3e82860a789d493fd3134482ed3
        • Opcode Fuzzy Hash: 59a7694801dc7813bc4d93d965764625739caa19ed8db1c2fdb9cad20351eab2
        • Instruction Fuzzy Hash: 0772DE322046808AF76B9F37A8503E93BA1E74DB99F484119FB560F6F5DB3AC944C750
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: wcsncpy
        • String ID: $%03d$LongDate$Memory limit reached (see #MaxMem in the help file).$Out of memory.$ShortDate$Sys$Time$WDay$YDay$YDay0$YWeek$YearMonth$dMyg$hHmst
        • API String ID: 322933527-1989723997
        • Opcode ID: 38cbedc918e546283e374eda6a316d214977181464338bf7a9308a5e35d7ace9
        • Instruction ID: f094ba77bebd9a3990d619dc445c7f06b459f7537eaba7ee8b73b16baf7b6a80
        • Opcode Fuzzy Hash: 38cbedc918e546283e374eda6a316d214977181464338bf7a9308a5e35d7ace9
        • Instruction Fuzzy Hash: E292123260868086EB62CF27D5417EE67A6FB9D7D4F454116FB8A476F8EB3AC845C300
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: mixer$Close$Line$Info$ControlDetailsfree$CapsControlsOpen_wcstoi64malloc
        • String ID: $Can't Change Setting$Can't Get Current Setting$Can't Open Specified Mixer$Component Doesn't Support This Control Type$Memory limit reached (see #MaxMem in the help file).$Mixer Doesn't Have That Many of That Component Type$Mixer Doesn't Support This Component Type$Off$Out of memory.
        • API String ID: 1278014356-3934002841
        • Opcode ID: 5bcaef830cf30f64d29c6108cff121e107a57f944d8335d673c76b0379514d4e
        • Instruction ID: bb15fa6409e08cbcdf131759eaec7dde90ddef0f16fbf5f6a193b4e3b657ff69
        • Opcode Fuzzy Hash: 5bcaef830cf30f64d29c6108cff121e107a57f944d8335d673c76b0379514d4e
        • Instruction Fuzzy Hash: FE62CF32214A8186EB628B27D8543EE63A6F7CC7D8F684A11FB4E17BB4DB78C545C740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$Long$MessageRectSend$free$ClientDragFinishScreenShow
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$call
        • API String ID: 1298873099-3963558559
        • Opcode ID: 40b7f8bf0a042c4511a4156588bcb4cde021b6ad3e565325829d5f095b8f7e8f
        • Instruction ID: ceb96e6e940a86436d1104c4e662abd7b2f3a10282a9207ffcfeb287d8b57534
        • Opcode Fuzzy Hash: 40b7f8bf0a042c4511a4156588bcb4cde021b6ad3e565325829d5f095b8f7e8f
        • Instruction Fuzzy Hash: 9F72BCB2604B848AEB67CF26E4447ED37A9F74CBD8F554225EB4A17BA8DB38C540C740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$Rect$FocusMessageSendShow$InvalidateLong$EnableIconicPointsPropUpdateVisible
        • String ID: ahk_dlg
        • API String ID: 2875520219-2093416220
        • Opcode ID: 68c8d808155ae5766832122fd42fb1921bac80d3489f7ef294baf8f57cf22d8b
        • Instruction ID: e6f5c87fc398643b063a8809f91e205ab52c95b8707eaf4d0365a99a1d36e6bb
        • Opcode Fuzzy Hash: 68c8d808155ae5766832122fd42fb1921bac80d3489f7ef294baf8f57cf22d8b
        • Instruction Fuzzy Hash: BFB17232108AC086EB628B27E5547AB67A1F78CBD9F148115FF8A07AB5DF38CD84C750
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$CreateSystem$Metrics$FontObject$CapsClientDeleteDestroyDeviceEnumFaceFamiliesInfoMessageParametersRectSelectSendShowStockTextwcsncpy
        • String ID: AutoHotkey2$DISPLAY$Segoe UI$static
        • API String ID: 318928480-4085670783
        • Opcode ID: 3d9e7554f856616607bdba244c398c7b843aa41e97c6d1c648e04fae9b795416
        • Instruction ID: 31d5d4e9383a9daa4673fe859a93be3b694af2c3670b88ac9da1f2bd46cb53c8
        • Opcode Fuzzy Hash: 3d9e7554f856616607bdba244c398c7b843aa41e97c6d1c648e04fae9b795416
        • Instruction Fuzzy Hash: E6917C72204B818AE755CF66F8807DA77A4F78CB94F140129EB8A67B78CB3DC485CB40
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: free$malloc$CreateInitializeInstanceUninitialize
        • String ID: $ $ $ $ $Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 3846668080-3083028912
        • Opcode ID: 8efa29bb937e9688e4e937eb5313fd3027c3e58f69e2ed9fdacb05ea4b845542
        • Instruction ID: 24d23ebf811e875dc21f519999cbb223ad35fc2322bc0f284fa2c5a4035c2a4a
        • Opcode Fuzzy Hash: 8efa29bb937e9688e4e937eb5313fd3027c3e58f69e2ed9fdacb05ea4b845542
        • Instruction Fuzzy Hash: F3C2FC32304B8482FBA38B26D0587EA23A2FB4CBD8F554612FB5A176F5EB78C545D311
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno$ErrorFileLast$CloseCreateHandle__doserrno_lseek_nolock$_invalid_parameter_noinfo$Type_get_daylight
        • String ID:
        • API String ID: 6860575-0
        • Opcode ID: 445b1690d209de46c1df0dfb894a0b52653c4a4e6651d37fa25beeaca9a11dea
        • Instruction ID: 07816edda11750760eab9b0d84292ae9485dd87831621d75fdcba698ae89c25c
        • Opcode Fuzzy Hash: 445b1690d209de46c1df0dfb894a0b52653c4a4e6651d37fa25beeaca9a11dea
        • Instruction Fuzzy Hash: DF32E532710A5089FB678B7AD450BEC26A1AB4C7E8F544615FF1A877F5EB38C842C721
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageProcessSendTimeout$CloseCountHandleTickVirtualWindow$AllocFreeMemoryOpenReadThread
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 2761252263-457448710
        • Opcode ID: 4e148e458d5288412ee9f6f7c3cd070bcefc5ca313b2385e7b3221fab8e4dd75
        • Instruction ID: ead2ff81f1ff95c29bd010f9c56181b48e695424291b4e408234bc24f66c1db5
        • Opcode Fuzzy Hash: 4e148e458d5288412ee9f6f7c3cd070bcefc5ca313b2385e7b3221fab8e4dd75
        • Instruction Fuzzy Hash: 0262DC72204E8496EA739FA7E5143EA63B1F74CBD4F644512FB9A17AB5EB78C484C300
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: powf$freemalloc$CreateInstance_wcstoi64
        • String ID: Can't Change Setting$Can't Get Current Setting$Can't Open Specified Mixer$Component Doesn't Support This Control Type$Memory limit reached (see #MaxMem in the help file).$Mixer Doesn't Have That Many of That Component Type$Mixer Doesn't Support This Component Type$Off$Out of memory.
        • API String ID: 545791434-609076530
        • Opcode ID: 3b3f29247c2570ac68965ad940f4be1a35e1323ce43aa06a5d6118ad62416587
        • Instruction ID: 4fe8900142f2625c942088093b6c1168b90d48ef294a9f323286c306f438c17b
        • Opcode Fuzzy Hash: 3b3f29247c2570ac68965ad940f4be1a35e1323ce43aa06a5d6118ad62416587
        • Instruction Fuzzy Hash: 1D82BF32604E8496EB639F26D8447E823A2FB5D7D8F258A12FB4D27BB4DB34C595C340
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$ChildClientEnumForegroundRectScreenVisibleWindows
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$X
        • API String ID: 63631066-3772643972
        • Opcode ID: 980438c41360b662ba557f54fbc948f48416c7c654c1e644e71abdf079b21b9a
        • Instruction ID: d59ced3f3ad466f5faf0b7366960b44406eede55143f28e7ee53de4ec92bb604
        • Opcode Fuzzy Hash: 980438c41360b662ba557f54fbc948f48416c7c654c1e644e71abdf079b21b9a
        • Instruction Fuzzy Hash: EC52FF32B04A5086FB669B2794003ED23A1F74E7D8F564126FF5A17AE5DB3CC896C348
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ErrorLast$CloseFileHandlefree$CreateReadSize_wcstoui64
        • String ID: Out of memory.
        • API String ID: 144052852-4087320997
        • Opcode ID: 49f5170b2c8a34eb11e5896d9c44adeb612d4aeedd3cd92f65c9da58cbf524f2
        • Instruction ID: 3e7ede080246a4f00161a1d7367a582e6a5b08f718aef361cdbb375fe852fd20
        • Opcode Fuzzy Hash: 49f5170b2c8a34eb11e5896d9c44adeb612d4aeedd3cd92f65c9da58cbf524f2
        • Instruction Fuzzy Hash: BE220A7120468085FB66AB27A8103EA67A2FB9DBE5FA44611FF5E0B7F5DB38C445C700
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CloseHandle$CountCreateMutexSleepThreadTick$CodeExitHookMessagePostUnhookUnregisterWindows
        • String ID: 2$AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
        • API String ID: 2263482667-62447575
        • Opcode ID: 3fbfa8c04e88573c215f387af4c2d6bf94647df07d155914e15343c3a48a5061
        • Instruction ID: d92d0c0bb4aedd84c4ee01a266829731a3ef285425fab7798c8d1f3778efdbf3
        • Opcode Fuzzy Hash: 3fbfa8c04e88573c215f387af4c2d6bf94647df07d155914e15343c3a48a5061
        • Instruction Fuzzy Hash: D8613676200B4486FB5ADF63F8403EA37A1BB4DBE4F584126AB46476B4DF38C8818650
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Global$Unlock$Clipboard$Close$Free$Empty
        • String ID: Can't open clipboard for writing.$EmptyClipboard$SetClipboardData
        • API String ID: 1414016178-2690908087
        • Opcode ID: fe18a3bd9d13f56f1eb653d6fea6f17a4154fd68d7a6e2c60458300421ec3116
        • Instruction ID: 7f79bef57d48f757aa7e08dfa71b8aae4a0c87a5a05be85d81ac8e5e10ec4be1
        • Opcode Fuzzy Hash: fe18a3bd9d13f56f1eb653d6fea6f17a4154fd68d7a6e2c60458300421ec3116
        • Instruction Fuzzy Hash: 12511672601B5082EB669F22E6403AD73A5F74CFD4F044026FB4A63A64DF78D9A1CB80
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageSend$Window$Long$ErrorLast$Rect
        • String ID:
        • API String ID: 986955251-0
        • Opcode ID: 4a14f5c41efe0c57633b2c806eb334a5605a47c4c3e6f15bda656988a7c1f97f
        • Instruction ID: dd2a31af02820dca9a610a7f5b560f02d7c7d334e36579c06d81f3cd7b362529
        • Opcode Fuzzy Hash: 4a14f5c41efe0c57633b2c806eb334a5605a47c4c3e6f15bda656988a7c1f97f
        • Instruction Fuzzy Hash: 4671923361494182F7628B6AD454FEA2390E78DBE4F665211FF5A83AF4DF39C8848740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: wcsncpy$DialogParam
        • String ID: AutoHotkey v1.1.37.02$Memory limit reached (see #MaxMem in the help file).$Out of memory.$The InputBox window could not be displayed.$The maximum number of InputBoxes has been reached.
        • API String ID: 403427445-39691387
        • Opcode ID: 058d6deef732e5c9f85a9b2543fb250d95a53723d8f41ce6236cfc5ec9fcf558
        • Instruction ID: 47aa7d7e0f20c3c3fb7e886d0339fb474e8df69cbe4799195574a573751f1847
        • Opcode Fuzzy Hash: 058d6deef732e5c9f85a9b2543fb250d95a53723d8f41ce6236cfc5ec9fcf558
        • Instruction Fuzzy Hash: 3932F072604A8485FB27DB22F014BE963A2E74DBD4F544216EB5E177F8DB3AC841E348
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Global$Clipboard$Unlock$AllocCloseDataEmptyLock
        • String ID: Can't open clipboard for writing.$GlobalLock$Out of memory.
        • API String ID: 3906930916-2567692066
        • Opcode ID: 5477054b1ee72a468c1515e5d367db1430e7065205917cf1f915a336e4a14905
        • Instruction ID: 5f495e8a53ffb7fe39243be73deebc53c09a7f67f6972764e21802068eda5bf1
        • Opcode Fuzzy Hash: 5477054b1ee72a468c1515e5d367db1430e7065205917cf1f915a336e4a14905
        • Instruction Fuzzy Hash: DE512636202B4181EA169F53B9847E963B4FB8DFE5F980015EB492BA78DB7CC984C740
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID: $Memory limit reached (see #MaxMem in the help file).$Menu does not exist.$Menu item name too long.$Menu name too long.$Nonexistent menu item.$Out of memory.$Parameter #2 invalid.$Parameter #3 must not be blank in this case.$Submenu does not exist.$Submenu must not contain its parent menu.$Target label does not exist.$Too many menu items.$tray
        • API String ID: 0-887232450
        • Opcode ID: e00901725a639cf25e5e0b2961d1850ec99df1f92d94468ef944f22abcd0578c
        • Instruction ID: 94d3eb00d3b92ccf6201390e56d394bde4ad131b7cf5417d1340fe69b6120a1f
        • Opcode Fuzzy Hash: e00901725a639cf25e5e0b2961d1850ec99df1f92d94468ef944f22abcd0578c
        • Instruction Fuzzy Hash: A512C172604B8486EA67DB13A4103EA63A1B7ADBD4F444312FF8917BB9DB78D5C5CB00
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID: $ $ $Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 0-1407833225
        • Opcode ID: 2393a578187edcca432e6b3d46f40448de4afeaad80a1efcdbd39f1829826e43
        • Instruction ID: 7f564e3d5df9fb7a6caab6b89f2b87df36e4684ed0c6316d15f0fe698d28a268
        • Opcode Fuzzy Hash: 2393a578187edcca432e6b3d46f40448de4afeaad80a1efcdbd39f1829826e43
        • Instruction Fuzzy Hash: 5292DE72606A8485FB67DB23D0143EA27A2E74EBD4F594112FB4A0B6F5DB3EC885C340
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno_invalid_parameter_noinfo_itow
        • String ID: ERCP$ERCP$ERCP$ERCP$Len%d$Len%s$PCRE$PCRE$PCRE$PCRE$Pos%d$Pos%s
        • API String ID: 331763463-1878916919
        • Opcode ID: af2e78a512d21fd14fe0beccadae663071b853843c225cf57d34ecaf11e4a81e
        • Instruction ID: ae0648f5d52ffd2d2203050f8f09539fdbe47e61e13668fb72b5f01ed14406f1
        • Opcode Fuzzy Hash: af2e78a512d21fd14fe0beccadae663071b853843c225cf57d34ecaf11e4a81e
        • Instruction Fuzzy Hash: 4C329072601A818AEB66CF26D8547EC37A2F74C7D8F544916FB4D4BBA9EB34CA44C700
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: SendString$LabelVolumewcsncpy
        • String ID: \$close cd wait$closed$open$open %s type cdaudio alias cd wait shareable$set cd door %s wait$set cdaudio door %s wait
        • API String ID: 2486362098-1210049163
        • Opcode ID: 2b05aac162f55ea902263f406af139a35e42c78ef8e7101250fb7ed9650bfc42
        • Instruction ID: ddfeba876d40e27839f482eafa708575b5b3b69fa3fa457b6cd1fb0b3a49813f
        • Opcode Fuzzy Hash: 2b05aac162f55ea902263f406af139a35e42c78ef8e7101250fb7ed9650bfc42
        • Instruction Fuzzy Hash: 1241FE3121464481FB22DB73A854BEA2250FB9CBD4F804512FB4A979F5EF3DCA86DB40
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageSend$Window$Long$ErrorLast$Rect
        • String ID:
        • API String ID: 986955251-0
        • Opcode ID: 22ff196be06b8f920bad6c8addaecbcccfe3a07d3f514e16312c04aaf3b62738
        • Instruction ID: 18b9c8419a3c7512c655e07643af5975125c7ebbb78fc95ee74ba05df36d2fe0
        • Opcode Fuzzy Hash: 22ff196be06b8f920bad6c8addaecbcccfe3a07d3f514e16312c04aaf3b62738
        • Instruction Fuzzy Hash: CD51B33760495082F762877BD454FAA23D0A78D7E1F669201FFAA83AF0DF38C8848750
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageSend$_errno_invalid_parameter_noinfo
        • String ID: Check$Col$Focus$Icon$Select$Vis
        • API String ID: 4293396861-2776904722
        • Opcode ID: 6196bfaf0f949b3e9e33ac2e49bc5d9a296451d121b6d7bb2fcd0768d5a463c9
        • Instruction ID: 219f4e7ba34ec2fa69aa4cbce338524cf86e7c235219485c154c753eea380c88
        • Opcode Fuzzy Hash: 6196bfaf0f949b3e9e33ac2e49bc5d9a296451d121b6d7bb2fcd0768d5a463c9
        • Instruction Fuzzy Hash: F602A03260468086EB66AF27E5003EA77A1F78CBD9F548115FF4947AB9DBBCC941CB00
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: LongWindow$ErrorLast$MessageSend
        • String ID:
        • API String ID: 3883446408-0
        • Opcode ID: 3bfdb41cdc8b1dfc31b7be44f9caa48db5b207ad1402d45fea5cf34dbae02090
        • Instruction ID: 96a37cbea5e61ff72190d4c3eed1f997b3b7708ff1a59391635f4f99a79de3c9
        • Opcode Fuzzy Hash: 3bfdb41cdc8b1dfc31b7be44f9caa48db5b207ad1402d45fea5cf34dbae02090
        • Instruction Fuzzy Hash: BD51D63760494082F7A28777D454FEA22D4A78D7E4F669201FFAA83AF0DF38C8849750
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: LongWindow$ErrorLast$MessageSend
        • String ID:
        • API String ID: 3883446408-0
        • Opcode ID: 24723276136957833ac007c395f314dd127c39ac74bf7ec40bc7df2bf39718f1
        • Instruction ID: 2754cca556b3536d3700448921addf3c9900b824467f58221637dfbb16206945
        • Opcode Fuzzy Hash: 24723276136957833ac007c395f314dd127c39ac74bf7ec40bc7df2bf39718f1
        • Instruction Fuzzy Hash: F051C33760495082F762877BD455FEA26D0A79D7E0F669201FFAA83AF0DF38C8849750
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageSend$Window$Long$ErrorLast$Rect
        • String ID:
        • API String ID: 986955251-0
        • Opcode ID: fae43b30a415d1e3a86d5332e9111596ee3c8ff00aa3f6295ace6cb6b03df076
        • Instruction ID: f8b6d5fc0b509c9229ce332ab147e6b7e4d86b4396fd3b42422c88260dfbc63b
        • Opcode Fuzzy Hash: fae43b30a415d1e3a86d5332e9111596ee3c8ff00aa3f6295ace6cb6b03df076
        • Instruction Fuzzy Hash: 6251B33760495082F7A28777D454FEA22D4A78D7E4F669201FF9A83AF0EF38C8849750
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageSend$Window$Long$ErrorLast$Rect
        • String ID:
        • API String ID: 986955251-0
        • Opcode ID: 061dbbea7afb87abea976c5d78eb11b606a230fec3e4f43b919c51ad8393ceab
        • Instruction ID: bcf726da935bf662f5fbfa16621ebb5425d57e8ac3ab675bf1d05344e65fdcce
        • Opcode Fuzzy Hash: 061dbbea7afb87abea976c5d78eb11b606a230fec3e4f43b919c51ad8393ceab
        • Instruction Fuzzy Hash: E451B33760495082F7628777D454FEA22D4A78D7E4F669201FF9A83AF0DF38C8849750
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: MessageSend$Window$Long$ErrorLast$Rect
        • String ID:
        • API String ID: 986955251-0
        • Opcode ID: e19550fe67db181aeb470707920506b65ae695e47400da7eb5c08a9a8c94b327
        • Instruction ID: 1df80e03fba35d513f2974025de2bfafa9bc9c2328690894e8429a780e39faa9
        • Opcode Fuzzy Hash: e19550fe67db181aeb470707920506b65ae695e47400da7eb5c08a9a8c94b327
        • Instruction Fuzzy Hash: 0A51B33760495082F7628777D454FEA22D4A78D7E4F669201FFAA83AF0EF38C8849750
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CurrentThread
        • String ID:
        • API String ID: 2882836952-0
        • Opcode ID: 2368e6e2beea2748245229d6f63b1074d97eb7c61fae3b98091d0fc456dafc55
        • Instruction ID: d16959d0936be5cddac07b6c47536e7fcb1159c0c4d36ed28bd6f08170dce804
        • Opcode Fuzzy Hash: 2368e6e2beea2748245229d6f63b1074d97eb7c61fae3b98091d0fc456dafc55
        • Instruction Fuzzy Hash: 6DF1C0321186908AF76B8B27A444BE93AF1F74D798F544116FB8A0BAF5CB3EC844D711
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 0-457448710
        • Opcode ID: 12232ada3b8d623f987c6ca85692442ef7fd75572e59ac8aca0b6975a51bee98
        • Instruction ID: 0bca324407d045662cd63ac92765200540e1d4394f93a57ec394a406a546441d
        • Opcode Fuzzy Hash: 12232ada3b8d623f987c6ca85692442ef7fd75572e59ac8aca0b6975a51bee98
        • Instruction Fuzzy Hash: 0E32BE33204B8081EB27CB27E4447EA67A1F74DBD8F545212EB5A17BB5EB38C696D700
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno_invalid_parameter_noinfo
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$Submit$Text
        • API String ID: 2959964966-2602533059
        • Opcode ID: a4f5612e0c03c7cc6acded0b8ad398a76075edf0ac57e18db0b15bcf24eced0a
        • Instruction ID: 97a7e9a50630956f72d39171c059fbfd4cf4572b18903744004427e0363890a8
        • Opcode Fuzzy Hash: a4f5612e0c03c7cc6acded0b8ad398a76075edf0ac57e18db0b15bcf24eced0a
        • Instruction Fuzzy Hash: F112EF72209B8081EB26DB26D5543EE67A1FB4EBE4F558212FB5A077F9DB38C445C380
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: FileTime$Find$CloseErrorFirstLastLocalSystem
        • String ID: %04d%02d%02d%02d%02d%02d$Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 3800350769-3698116793
        • Opcode ID: f3713e2c57f3e66316d76b69488437579b00b003424ee968ee0f96ab75fec5c3
        • Instruction ID: 8c6f25a595f206b9dc050db86c14bab021700c033f59c415a096e0aecec4a942
        • Opcode Fuzzy Hash: f3713e2c57f3e66316d76b69488437579b00b003424ee968ee0f96ab75fec5c3
        • Instruction Fuzzy Hash: 35C1C272204B4085EB669B26E8047E963A2F74DBE8F604612FB5E077F9DB78C985C740
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$NO_START_OPT)$UCP)$UTF16)$no error
        • API String ID: 0-3688278424
        • Opcode ID: 33d343a0d8d9eb0a9fab28d6d21af677664b37192003fe34fcf9508b46e49389
        • Instruction ID: f6a331eb084333d806aee9149bdeeb885d6ea38ec262f3a354d7ea3ccd50694f
        • Opcode Fuzzy Hash: 33d343a0d8d9eb0a9fab28d6d21af677664b37192003fe34fcf9508b46e49389
        • Instruction Fuzzy Hash: CB829C72614B908AE766CFA6D4403EE3BF4F758798F504126FB498B7A4EB78C944CB00
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _wcstoi64malloc
        • String ID: $Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 4111414685-1193006554
        • Opcode ID: cdbae4f3ce25a9a4cce6ed508733af80f1213151cac81626803f5e2c3bf69721
        • Instruction ID: 3e5d3eba2846e0de6a201ff80701ddb959896699979624e8650980289ce5c2fd
        • Opcode Fuzzy Hash: cdbae4f3ce25a9a4cce6ed508733af80f1213151cac81626803f5e2c3bf69721
        • Instruction Fuzzy Hash: 4E32BC72604B8486EB76DB26D5143EA73A2F74CBD8F594203EB5A077E9DB3AC845C340
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: KeyboardLayout
        • String ID: "%s" is not a valid key name.$"%s" is not allowed as a prefix key.$Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 194098044-3611355349
        • Opcode ID: 3622fd0739d8be3aff94471d87839d543190a132c98ca22be4e72d4503e9cc8b
        • Instruction ID: 95249991710123cf20388be561c76b02cf063fc6c899445c4c1649df59cbb59c
        • Opcode Fuzzy Hash: 3622fd0739d8be3aff94471d87839d543190a132c98ca22be4e72d4503e9cc8b
        • Instruction Fuzzy Hash: 3332E232204A5192FB6B9B27D1103E963A1F79D7D8F884512FB5A0FAF6DB3AC595C300
        APIs
        Strings
        • Script info will not be shown because the "Menu, Tray, MainWindow"command option was not enabled in the original script., xrefs: 000000014005710C
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$ForegroundMessageSendShow$IconicVisible
        • String ID: Script info will not be shown because the "Menu, Tray, MainWindow"command option was not enabled in the original script.
        • API String ID: 631031280-1556141417
        • Opcode ID: 79fe8a5b091500552ebc8169623915eb08e2c14fdec9d382d513c9221960e628
        • Instruction ID: b7d9f164e73cfbf817a1132ff8461a06a1203a6d2661dc15ef612809bc5fef06
        • Opcode Fuzzy Hash: 79fe8a5b091500552ebc8169623915eb08e2c14fdec9d382d513c9221960e628
        • Instruction Fuzzy Hash: C3515E3122494081FA77DB5BF850BE922A0FB9C7D4F840025FB4E479F6DA3AC944AB49
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CountCurrentDirectoryTickfreewcsncpy
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$call
        • API String ID: 782406583-3963558559
        • Opcode ID: f102e685979a01a8e33d2449d977a07489cbf06aeee870abef9322bdebf746bd
        • Instruction ID: b714db8ed9f80be2baa0864a130e15b997dd5fee670f11c2dd3be97bebb24934
        • Opcode Fuzzy Hash: f102e685979a01a8e33d2449d977a07489cbf06aeee870abef9322bdebf746bd
        • Instruction Fuzzy Hash: 63E19D72248B8082EB62DB26E4443E9B3A1F79CBD4F554117EB9E477B9EB38C481C740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Time$CurrentDirectoryFileSystem
        • String ID: ErrorLevel$Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 2903961910-844184505
        • Opcode ID: 2810ee7d07e3f91f7d7af5e877f731afefc6c27dea3b98fccd464bed97545885
        • Instruction ID: 9e3cb2f553ede8efab173d78332db090ae6bd55484888d087a95391fc8f66fe9
        • Opcode Fuzzy Hash: 2810ee7d07e3f91f7d7af5e877f731afefc6c27dea3b98fccd464bed97545885
        • Instruction Fuzzy Hash: 56E19C71201B5482FB669B27E4987E963A1F78CBD8F48411AEF4E1B7B6DB78C841C700
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _wcstoi64$CreateInstanceVolumewave
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 2637947298-457448710
        • Opcode ID: 22f65e08f296c3b0c8ca66a3cb99f585648a28a04bf4dc78fe5f64e552cab95a
        • Instruction ID: 8c19f16e6dc8ca844ad1d897f452bf0c76c17ee66a3d1f9c2780c1fe5e6c46cc
        • Opcode Fuzzy Hash: 22f65e08f296c3b0c8ca66a3cb99f585648a28a04bf4dc78fe5f64e552cab95a
        • Instruction Fuzzy Hash: 9BC1A572604B4182EB179B27E8103E9A792EB4DBD4F644A12FB5E577B5DB38C483C780
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno$_invalid_parameter_noinfo$_cftoe_l_getptd
        • String ID: gfffffff
        • API String ID: 1282097019-1523873471
        • Opcode ID: 8bfec8f4effaedea1a1cb1219e30dd48b273e96fc3afd06b771b3d8695ea29a2
        • Instruction ID: cc0ceb34bfd40c70bfadf2dc8b1a449d2b21289b3b5e9ac471473ca9f7151275
        • Opcode Fuzzy Hash: 8bfec8f4effaedea1a1cb1219e30dd48b273e96fc3afd06b771b3d8695ea29a2
        • Instruction Fuzzy Hash: 27B166737087C886EB12CB36D6453DD6BA5EB197D8F048621EF59077EAEA38D416C320
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID: $ $Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 0-4280895764
        • Opcode ID: ed83b2958b0e83fe6cd725dade945639a77b351f2e6ad5f48bc1eae467f1a0a1
        • Instruction ID: 7c034145604c88201603fcd7dc4384495e66ce72dab27bffb086c87cb70081f4
        • Opcode Fuzzy Hash: ed83b2958b0e83fe6cd725dade945639a77b351f2e6ad5f48bc1eae467f1a0a1
        • Instruction Fuzzy Hash: A2E1EF72204A4096FA67AB23E5113FB63A1FB5D7D0F484612FB9A1B6F1DB78C491E340
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: freemalloc
        • String ID: %s1$Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 3061335427-3843752144
        • Opcode ID: 3f514d22eca492697ad6796379104b0b282f18c79c99a9e2c4bc0dc7031427ad
        • Instruction ID: 317b041f9b34c7787d65f0f4b9d2edcbe05b9ff6930c8689c2c7ba1a9f14de7f
        • Opcode Fuzzy Hash: 3f514d22eca492697ad6796379104b0b282f18c79c99a9e2c4bc0dc7031427ad
        • Instruction Fuzzy Hash: 1512FE72604A4482FB63DF22D1153EE63A1B74DBD8F584512FB4A172F5EB7AC981C780
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: free
        • String ID: 1aA$Memory limit reached (see #MaxMem in the help file).$Out of memory.$UseErrorLevel
        • API String ID: 1294909896-1816934842
        • Opcode ID: 9d9844013896876395a003a2e1cf17a0860c7db06111750f4c8d9c7cd6d04c20
        • Instruction ID: 21af7aa01a4d1a9cdf9ae0d0eb3ca1d2f56a7247cfe29225193f22a2f569d97e
        • Opcode Fuzzy Hash: 9d9844013896876395a003a2e1cf17a0860c7db06111750f4c8d9c7cd6d04c20
        • Instruction Fuzzy Hash: 29E1FF72208B94C1EB27DB2791513E967A1FB8CBE4F444202FB99176F6DB39E841C340
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID: $ $.$.
        • API String ID: 0-1066414380
        • Opcode ID: b28e865c725036669516a9e33d9ea9b827d3a689475c6b179583a32b18edcd6f
        • Instruction ID: ffcb88003b91ebe48f5864756d13e0f4571e1e71b80e62f9893ad62d76856b8a
        • Opcode Fuzzy Hash: b28e865c725036669516a9e33d9ea9b827d3a689475c6b179583a32b18edcd6f
        • Instruction Fuzzy Hash: ED129072A1565141FAB76B1B94513FB6391A79DBC0F848126FF9A47BF5EA38CC82C300
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno_invalid_parameter_noinfo
        • String ID: $ $.$.
        • API String ID: 2959964966-1066414380
        • Opcode ID: 9dbaa2750c01e854354486858f5dd62ce9b662767f66054c3fdfd5a84dd89eeb
        • Instruction ID: ddb0a5007798117db278d20b3b9832ae053dcee10a0c380da9f2785bbe707b2e
        • Opcode Fuzzy Hash: 9dbaa2750c01e854354486858f5dd62ce9b662767f66054c3fdfd5a84dd89eeb
        • Instruction Fuzzy Hash: EF029035A0165081FEBB5A1BA4513FB63D1A79FBC0F448026FF9A577F5EA3DC8828210
        APIs
          • Part of subcall function 0000000140067BD0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,0000000140048B02), ref: 0000000140067C03
          • Part of subcall function 0000000140067BD0: IsWindowVisible.USER32 ref: 0000000140067C24
        • SendMessageTimeoutW.USER32 ref: 000000014004C48E
          • Part of subcall function 0000000140006150: GlobalAlloc.KERNEL32(?,?,?,00000001400060F5), ref: 0000000140006178
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$AllocForegroundGlobalMessageSendTimeoutVisible
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 2992753689-457448710
        • Opcode ID: 4b8c11ff9414561d058b4d90c955651d97e8e0e3a6c8c8ccae2dd621bea36da5
        • Instruction ID: eeeb4a49b101f38dc8a859a60ff30b39799abdb97ff51e6c48fe8a822efb52b7
        • Opcode Fuzzy Hash: 4b8c11ff9414561d058b4d90c955651d97e8e0e3a6c8c8ccae2dd621bea36da5
        • Instruction Fuzzy Hash: 43D10172624B8082FBA78F23D104BE967A1A74DBD4F568225EF4D077F9DB38C8458708
        APIs
          • Part of subcall function 0000000140067BD0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,0000000140048B02), ref: 0000000140067C03
          • Part of subcall function 0000000140067BD0: IsWindowVisible.USER32 ref: 0000000140067C24
        • SendMessageTimeoutW.USER32 ref: 000000014004C0ED
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$ForegroundMessageSendTimeoutVisible
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 578228273-457448710
        • Opcode ID: 206a8b320df605913402dee927e3fc4c34e1f148e2cd8900c12461ea67957036
        • Instruction ID: 87576be7f3668b39d699dab9602887bc1bb3fc6b238abe50dfbaf210042ebf74
        • Opcode Fuzzy Hash: 206a8b320df605913402dee927e3fc4c34e1f148e2cd8900c12461ea67957036
        • Instruction Fuzzy Hash: FFA12272614B4082EBA39F27E004BE963A1E74DBD8F558222FB4E177B9DA78C841C344
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$ForegroundVisible_errno_invalid_parameter_noinfo
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$ahk_parent
        • API String ID: 1550069138-3360053881
        • Opcode ID: cd926120bef3842384914a3d2408a64406e1e8dbdacc24a496c4a25c59385d21
        • Instruction ID: 05a3c042f1a00e0dd6de62e2c7af3eba40ef928d340a51d0751eb1e6144aff9c
        • Opcode Fuzzy Hash: cd926120bef3842384914a3d2408a64406e1e8dbdacc24a496c4a25c59385d21
        • Instruction Fuzzy Hash: 0AB1B072704B4081EB129F2BE4003E9A391E78EBD4F594122FF5D577A9EA7CC882C744
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
        • String ID:
        • API String ID: 1445889803-0
        • Opcode ID: 0970cab9c5be77d9a39cdc5d48b36c61e8207fb72ec45b32786bebe28e3c87fc
        • Instruction ID: 3af3064ba5592bf335494bce85be6d48570a468d73a99406de20778f5bec8ec9
        • Opcode Fuzzy Hash: 0970cab9c5be77d9a39cdc5d48b36c61e8207fb72ec45b32786bebe28e3c87fc
        • Instruction Fuzzy Hash: 9E016D36325A0086EB828F22E8443996360F74DBE0F446621EF9E57BB0DB38CDD58740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: FileFind$AttributesCloseFirst
        • String ID: \\?\
        • API String ID: 48322524-4282027825
        • Opcode ID: d4e52f6d08b75a674ab8acda50374d4abab3f09d2fd8cf008a1539c545d14897
        • Instruction ID: 5059126414bbf14c0c8412e0e1d29896b2d441993a7729747f630cad7dae4bbc
        • Opcode Fuzzy Hash: d4e52f6d08b75a674ab8acda50374d4abab3f09d2fd8cf008a1539c545d14897
        • Instruction Fuzzy Hash: 9421C57660469181EF668F56E4443E923A1E768BE4F484320EF69076E4EB38CDC4CB00
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: DwmGetWindowAttribute$dwmapi.dll
        • API String ID: 2574300362-1753671286
        • Opcode ID: 5c42b44d3bd11502840503fb3a9a7e556bde06c569d05dd72d793f96ad82625a
        • Instruction ID: 84c9776bb610b245565895121c5e0d34377812e601fbec750f1f3dc3743fab98
        • Opcode Fuzzy Hash: 5c42b44d3bd11502840503fb3a9a7e556bde06c569d05dd72d793f96ad82625a
        • Instruction Fuzzy Hash: EC014C72614F8186EF46CFE6B9803D977A0F78CB94F441425EB4A47A74EA38D685CB40
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: BlockInput$free
        • String ID:
        • API String ID: 984266599-0
        Similarity
        • API ID: Clipboard$ChainChangeMessagePostViewer
        • String ID:
        • API String ID: 1822368796-0
        Similarity
        • API ID: Name$ComputerUser
        • String ID:
        • API String ID: 4229901323-0
        Similarity
        • API ID: _wcstoi64
        • String ID: 0
        • API String ID: 1512447906-4108050209
        Similarity
        • API ID: free$ErrorFreeHeapLast_errno
        • String ID:
        • API String ID: 1012874770-0
        Similarity
        • API ID: Prop$Window$ColorLong$AddressBrushDeleteHandleMessageModeModuleObjectParentPointsProcRemoveSendText
        • String ID: IsAppThemed$uxtheme
        • API String ID: 2418046611-1805297701
        Similarity
        • API ID: MessageSend
        • String ID: Bold$Check$Expand$First$Icon$Select$Sort$Vis
        • API String ID: 3850602802-3745070880
        Similarity
        • API ID: Unicode$ThreadWindow$Process$ClassForegroundInfoKeyboardLayoutMessageNamePostState
        • String ID: ApplicationFrameWindow
        • API String ID: 4050567146-3747838517
        Similarity
        • API ID: malloc
        • String ID: +LastFoundExist$Could not create window.$Invalid Gui name.$Out of memory.$Parameter #1 invalid.
        • API String ID: 2803490479-3585094845
        Similarity
        • API ID: Window$MessageSend$MovePointsRect$CreateObjectReleaseSelect
        • String ID: Can't create control.$msctls_updown32
        • API String ID: 2453842347-2413529272
        Similarity
        • API ID: MessageSendWindow$CreateMoveObjectReleaseSelect
        • String ID: Can't create control.$Combobox
        • API String ID: 3127342912-1217126716
        Similarity
        • API ID: CloseDelete$AddressErrorHandleLastModuleOpenProcValue
        • String ID: RegDeleteKeyExW$advapi32
        • API String ID: 1329167188-3857959575
        Similarity
        • API ID: PrivateProfile$Section$FullNameNamesPathString
        • String ID: ERROR$Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 4060383694-2798329188
        Similarity
        • API ID: CountTickfree$ClipboardCloseGlobalMessagePeekUnlockmalloc
        • String ID: Out of memory.
        • API String ID: 2261973038-4087320997
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
        • String ID: %%%s%s%s$Float$Integer
        • API String ID: 130734711-2931010843
        Similarity
        • API ID: CreateObjectText$BrushCapsDeviceFaceMetricsSelectSolidStockwcsncpy
        • String ID: DISPLAY
        • API String ID: 1918898772-865373369
        Similarity
        • API ID: ObjectText$CapsCreateDeviceFaceMetricsSelectStock_errno_invalid_parameter_noinfo
        • String ID: DISPLAY$Hide
        • API String ID: 2877261776-1671811882
        Similarity
        • API ID: MessageSend$Window$CreateLongObjectReleaseSelect
        • String ID: Can't create control.$button
        • API String ID: 841324528-1804316079
        Similarity
        • API ID: Window$Long$ErrorLast$InvalidateRect
        • String ID: +-^$7
        • API String ID: 189950902-219994616
        Similarity
        • API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocHeap_callnewh
        • String ID:
        • API String ID: 1080698880-0
        Similarity
        • API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
        • String ID:
        • API String ID: 2295021086-0
        Similarity
        • API ID: _i64tow$CharUpperx64tow
        • String ID: $Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 789761669-1193006554
        Similarity
        • API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
        • String ID: Environment
        • API String ID: 3716859204-3233436149
        Similarity
        • API ID: FullNamePath$AttributesFile
        • String ID: :$\$\*.*
        • API String ID: 2214166259-1634566093
        Similarity
        • API ID: Window$Long$AttributesLayered_errno_invalid_parameter_noinfo
        • String ID: Off
        • API String ID: 9511289-334568355
        Similarity
        • API ID: Object$DeleteText$CapsCreateDeviceFaceIconInfoMetricsRectSelectStock
        • String ID: DISPLAY
        • API String ID: 2624006087-865373369
        Similarity
        • API ID: freemalloc
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 3061335427-457448710
        Similarity
        • API ID: DiskFreeSpacewcsncpy
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$\
        • API String ID: 340609953-3887087261
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
        • String ID: CSV
        • API String ID: 130734711-2651001053
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID: Target label does not exist.
        • API String ID: 1623861271-2507343300
        Similarity
        • API ID: String$FreeFrom
        • String ID: class$clsid$iid$name
        • API String ID: 2678186706-3724380462
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID: Parameter #1 invalid.
        • API String ID: 1623861271-1208927624
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
        • String ID: Play
        • API String ID: 130734711-4273697156
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSendTimeout$ClassName
        • String ID: Combo$List$SysListView32
        • API String ID: 639069792-371123625
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Object$DeleteText$CapsCreateDeviceFaceIconInfoMetricsRectSelectStock
        • String ID: DISPLAY
        • API String ID: 2624006087-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Object$CreateDeleteText$CapsDeviceFaceFontIconInfoMetricsRectSelectStock
        • String ID: DISPLAY
        • API String ID: 3544818348-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: FreeString$FormatMessage
        • String ID: Source:%wsDescription:%wsHelpFile:%wsHelpContext:%d$0x%08X - $No valid COM object!
        • API String ID: 1522831054-3028990165
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: ObjectText$CapsCreateDeviceFaceMetricsSelectStock
        • String ID: DISPLAY
        • API String ID: 2440455471-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Object$Create$FontSelectText$Delete$Draw$CapsDeviceFaceIconInfoMetricsRectStock
        • String ID: DISPLAY
        • API String ID: 287169048-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Object$Create$FontSelectText$Delete$Draw$CapsDeviceFaceIconInfoMetricsRectStock
        • String ID: DISPLAY
        • API String ID: 287169048-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Object$Create$FontSelectText$Delete$Draw$CapsDeviceFaceIconInfoMetricsRectStock
        • String ID: DISPLAY
        • API String ID: 287169048-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Object$Create$FontSelectText$Delete$Draw$CapsDeviceFaceIconInfoMetricsRectStock
        • String ID: DISPLAY
        • API String ID: 287169048-865373369
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$CreateObjectReleaseSelectWindow
        • String ID: Can't create control.$msctls_hotkey32
        • API String ID: 3196501506-3973893855
        APIs
        • _FF_MSGBANNER.LIBCMT ref: 00000001400CF2C3
          • Part of subcall function 00000001400CF0A0: _set_error_mode.LIBCMT ref: 00000001400CF0A9
          • Part of subcall function 00000001400CF0A0: _set_error_mode.LIBCMT ref: 00000001400CF0B8
          • Part of subcall function 00000001400CEE40: _set_error_mode.LIBCMT ref: 00000001400CEE85
          • Part of subcall function 00000001400CEE40: _set_error_mode.LIBCMT ref: 00000001400CEE96
          • Part of subcall function 00000001400CEE40: GetModuleFileNameW.KERNEL32 ref: 00000001400CEEF8
          • Part of subcall function 00000001400CAC68: ExitProcess.KERNEL32 ref: 00000001400CAC77
          • Part of subcall function 00000001400D0A90: malloc.LIBCMT ref: 00000001400D0ABB
          • Part of subcall function 00000001400D0A90: Sleep.KERNEL32(?,?,00000000,00000001400CF2FD,?,?,?,00000001400CF3A7,?,?,00000000,00000001400CE795,?,?,00000000,00000001400CE84C), ref: 00000001400D0ACE
        • _errno.LIBCMT ref: 00000001400CF305
        • _lock.LIBCMT ref: 00000001400CF319
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00000001400CF3A7,?,?,00000000,00000001400CE795,?,?,00000000,00000001400CE84C,?,?,00000000,00000001400CE883), ref: 00000001400CF32F
        • free.LIBCMT ref: 00000001400CF33C
        • _errno.LIBCMT ref: 00000001400CF341
        • LeaveCriticalSection.KERNEL32(?,?,?,00000001400CF3A7,?,?,00000000,00000001400CE795,?,?,00000000,00000001400CE84C,?,?,00000000,00000001400CE883), ref: 00000001400CF364
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _set_error_mode$CriticalSection_errno$CountExitFileInitializeLeaveModuleNameProcessSleepSpin_lockfreemalloc
        • String ID:
        • API String ID: 113790786-0
        APIs
        • free.LIBCMT ref: 000000014003C1C5
          • Part of subcall function 00000001400CB13C: HeapFree.KERNEL32(?,?,00000000,00000001400CE860,?,?,00000000,00000001400CE883,?,?,?,00000001400CA7AB,?,?,00000000,00000001400CFD3B), ref: 00000001400CB152
          • Part of subcall function 00000001400CB13C: _errno.LIBCMT ref: 00000001400CB15C
          • Part of subcall function 00000001400CB13C: GetLastError.KERNEL32(?,?,00000000,00000001400CE860,?,?,00000000,00000001400CE883,?,?,?,00000001400CA7AB,?,?,00000000,00000001400CFD3B), ref: 00000001400CB164
          • Part of subcall function 0000000140032530: GlobalUnlock.KERNEL32 ref: 00000001400325F1
          • Part of subcall function 0000000140032530: CloseClipboard.USER32 ref: 00000001400325FE
          • Part of subcall function 0000000140032530: GetTickCount.KERNEL32 ref: 0000000140032611
          • Part of subcall function 0000000140032530: PeekMessageW.USER32 ref: 0000000140032645
          • Part of subcall function 0000000140032530: GetTickCount.KERNEL32 ref: 0000000140032659
        • free.LIBCMT ref: 000000014003C283
        • free.LIBCMT ref: 000000014003C511
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: free$CountTick$ClipboardCloseErrorFreeGlobalHeapLastMessagePeekUnlock_errno
        • String ID: Next$_NewEnum
        • API String ID: 837015515-2558596721
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: ClipboardCloseCountGlobalInfoTickUnlock
        • String ID:
        • API String ID: 3668674636-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 4107439908-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseEnvironmentGlobalMessagePeekUnlockVariable
        • String ID:
        • API String ID: 2791281230-0
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CharUpper$Sleep
        • String ID: %s%c${Raw}${Text}
        • API String ID: 3503790639-2444501380
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSendTimeout$ClassName
        • String ID: Combo$List
        • API String ID: 639069792-1246219895
        • Opcode ID: ef34387278649e0a9e3090b024ebc4a9cda159660c225d96397582d42d10a6e9
        • Instruction ID: 1171324b8003e5d6b66f89a91c7b67f486758408702dbb99bc1053b83e97d334
        • Opcode Fuzzy Hash: ef34387278649e0a9e3090b024ebc4a9cda159660c225d96397582d42d10a6e9
        • Instruction Fuzzy Hash: 3561AD72204B8085EB628F22A8547E93B61F74DBE8F481717EB6917AE6CB7CC546C740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: ClientRectTextWindowfree
        • String ID: *$*$Icon
        • API String ID: 2069302144-1089620501
        • Opcode ID: a8d24be868176e6fccca1b2e79c796d3fcd5aca649af1eb40841a52a45553679
        • Instruction ID: a2bdb3aecaf9a529164ee71dc03c76f05c5d70ab16559ea24ed4d896a9f9ebc6
        • Opcode Fuzzy Hash: a8d24be868176e6fccca1b2e79c796d3fcd5aca649af1eb40841a52a45553679
        • Instruction Fuzzy Hash: 40419B7361064091EB229F27A4447EA77A0FB4DBD4F444213FF5A076F5EB38CA808341
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CallProcWindow$ClipFillParentRect
        • String ID: G
        • API String ID: 2087348582-985283518
        • Opcode ID: c4665897967729e916852879166124e0a89fe792a3a6f193528a72de363e4987
        • Instruction ID: 6da50deb0444ec1dfe4370dd1496a6be5560bacb1a1a81d5764b524f10b4ae77
        • Opcode Fuzzy Hash: c4665897967729e916852879166124e0a89fe792a3a6f193528a72de363e4987
        • Instruction Fuzzy Hash: 8A416B32244B8096EB228F17E944799B7A1F79DFC4F884016EB8957BA9CF3CD492C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSendTextWindowfree
        • String ID:
        • API String ID: 1940615249-0
        • Opcode ID: f0b39ff7a4c28e5b1fdfe792067065d9acff5515c104baa729600cdfd527192d
        • Instruction ID: 4bee30611761156c8798d0a7da4842659b3641d1f09ae16251bd38757665d3ad
        • Opcode Fuzzy Hash: f0b39ff7a4c28e5b1fdfe792067065d9acff5515c104baa729600cdfd527192d
        • Instruction Fuzzy Hash: 4B41A07660464082FB668B17E454BEE7362F38DBE4F504217EFA907AF5DE38CA848741
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: wcsncpy$LongWindow$MessageSendfree
        • String ID: LongDate$Time
        • API String ID: 3861369536-1184810688
        • Opcode ID: f131f44946ca2faca27cde7eb1b1c0c99926b2dc73491f76e2e0a9f24068757a
        • Instruction ID: b974b46f52c4f13ae4eb666a5d379edbf1e9fd90c3fd6ad36df029d6ec87be13
        • Opcode Fuzzy Hash: f131f44946ca2faca27cde7eb1b1c0c99926b2dc73491f76e2e0a9f24068757a
        • Instruction Fuzzy Hash: 7B319A36301A0082FA22CB17A4147DA73A1B79EBE0F945213FF6947AF4EA7CC684C641
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: __doserrno_errno
        • String ID:
        • API String ID: 921712934-0
        • Opcode ID: ad545a7a5eb9d23abb68cf3b12463611f57dc2d6637280295658be55f9464df7
        • Instruction ID: ec6dacf67ef8c237a30f63c2e458a0bc4d95c248734e0a6a7e4581654313df3e
        • Opcode Fuzzy Hash: ad545a7a5eb9d23abb68cf3b12463611f57dc2d6637280295658be55f9464df7
        • Instruction Fuzzy Hash: F421AE3271868086F61B6F67E9413EE7661AB8DBE1F094115BF150B3F2CBBC8842C761
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$Window$ClientCreateLongObjectRectReleaseSelect
        • String ID: Can't create control.$button
        • API String ID: 2656910855-1804316079
        • Opcode ID: 50f25d0ea784d3a1144de906f5d81eb5a4215fa7e32e3f6438b99134fd7a1411
        • Instruction ID: 9e45261d2f1b510f2a73e4d2978b169b6d92b1913de311270dde9a9ecedbd82c
        • Opcode Fuzzy Hash: 50f25d0ea784d3a1144de906f5d81eb5a4215fa7e32e3f6438b99134fd7a1411
        • Instruction Fuzzy Hash: 4C310776605B418AEB52CF6AE8447DA73A0F74C794F044026EF4D57B78DB38C9858B40
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: SendString
        • String ID: close cd wait$open %s type cdaudio alias cd wait shareable$status cd mode
        • API String ID: 890592661-1182961480
        • Opcode ID: b623008924e6aa41acf57bcff2d582ea6a37b8a727334a20b9c3bc4becfc83f0
        • Instruction ID: 413c981e9c5f973b78b4bf7a5a7af0ff5cea8937b5b9c5e84bddf9f7d0e327a8
        • Opcode Fuzzy Hash: b623008924e6aa41acf57bcff2d582ea6a37b8a727334a20b9c3bc4becfc83f0
        • Instruction Fuzzy Hash: 2F117C727149C184F7329BA6EC10BDA2351F79C7F8F801212ABAD4BDE5AE38C685C750
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 11f1efa6304c6e14f19f0f5e0f5bc303de5e70dc929964bb0bc86006a2ce64c0
        • Instruction ID: 256026de99d9cf3ff002d92b8d3527f4485dda61e8902aabdc844707c29aa2bd
        • Opcode Fuzzy Hash: 11f1efa6304c6e14f19f0f5e0f5bc303de5e70dc929964bb0bc86006a2ce64c0
        • Instruction Fuzzy Hash: 14C1C031604B4086EB678B27A4907EA7792BB8DBD4F544216FB5A877F5CB38D881C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 4f9453b816e19bcec56ecb85bb6a6c256d7ede63f7291ba5723efc997ddce093
        • Instruction ID: 3062a13442cdb81b198be0dc333b27c03537e0049c1c2e0fc2dee1fafefcf519
        • Opcode Fuzzy Hash: 4f9453b816e19bcec56ecb85bb6a6c256d7ede63f7291ba5723efc997ddce093
        • Instruction Fuzzy Hash: 98A15E32604B4086FB6B8B27E9847EA37A2F78DBD4F540116EB594B6F5DB38D881C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 4d605923c47389e9cc02143b470628ecc5b39cb261d8f93954f228e6492b11c4
        • Instruction ID: a4602782116666506e0fd3a0ad5bfefcd1b9966ea6b24ed31e46a5ebd05d8295
        • Opcode Fuzzy Hash: 4d605923c47389e9cc02143b470628ecc5b39cb261d8f93954f228e6492b11c4
        • Instruction Fuzzy Hash: CFA18E32605B448AEB6B8B27E8807EA37A1F74DBD4F140116EB9947BF5DB38C885C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 235567b4a539b84e1b81d919603877acefeee53b2943336f8ebd81acfbe19734
        • Instruction ID: 93c240c575e31bc1aedfd5c41dd4c06a756d8b00d4753da70155ebfec874e4fa
        • Opcode Fuzzy Hash: 235567b4a539b84e1b81d919603877acefeee53b2943336f8ebd81acfbe19734
        • Instruction Fuzzy Hash: D8A17E72605B448AEB6B8B27E8807EA37A1F74DBD4F140116EB9947BF5DB38C885C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
        • String ID:
        • API String ID: 130734711-0
        • Opcode ID: 9f07d58d0d4aa81e37f2da7414d3382a665a53c98a9daa0cc3974cca9eea0101
        • Instruction ID: b7b6c6495f5e1853da77f15ece4a05a12a4ddb9dbf7fed96c9a9668c7ed4089e
        • Opcode Fuzzy Hash: 9f07d58d0d4aa81e37f2da7414d3382a665a53c98a9daa0cc3974cca9eea0101
        • Instruction Fuzzy Hash: 95A18E32205B4086FB6B8B27E9947EA27A2F74DBD4F540116FB5A47AF5DB38C881C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$free$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 2285768414-0
        • Opcode ID: 5b17608751a2a164f42a96357fd4133f88a9332afe6b4f15cb5daf2bf8fbab40
        • Instruction ID: 52f847c03b826b23b247fa03328dac30ee99f23286bbf4326b9fc937114cde34
        • Opcode Fuzzy Hash: 5b17608751a2a164f42a96357fd4133f88a9332afe6b4f15cb5daf2bf8fbab40
        • Instruction Fuzzy Hash: 31A17E72605B448AEB6B8B27E8807EA37A1F74DBD4F140116EB5947BF5DB38C881C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: c2121accbc250d7c23e7a0c62bfa4c0ccf5337ab98f8c4eae53243ba9920d64c
        • Instruction ID: adc9ad99e7b5c9d920b62b5e1cd2f392e971b6f5eb3158599f56def3a74d26cf
        • Opcode Fuzzy Hash: c2121accbc250d7c23e7a0c62bfa4c0ccf5337ab98f8c4eae53243ba9920d64c
        • Instruction Fuzzy Hash: CCA17D72605B448AEB6B8B27E8807EA37A1F74DBE4F140116EB5947BF5DB38C881C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
        • String ID:
        • API String ID: 130734711-0
        • Opcode ID: fda96e2a8a9bc7cc17e84f70c67a8b7b9356e97c7db0b368c7509fb5501b6c3c
        • Instruction ID: 1b0914023163c2e64a45956e7af399aa0c4867361e990f590feb0060999324e5
        • Opcode Fuzzy Hash: fda96e2a8a9bc7cc17e84f70c67a8b7b9356e97c7db0b368c7509fb5501b6c3c
        • Instruction Fuzzy Hash: 37A18232205B4486FB6B8B27E8847DA77A1F74DBE4F140216EBA9476F5DB38D881C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 6e4b562abde269d2ffce79ad3eb3f33088fa22258cb07a6ee9b7c19f147c17d9
        • Instruction ID: 16975150cb37f0c415594a513e949aeede9941befb4e18578397c8f657ba842e
        • Opcode Fuzzy Hash: 6e4b562abde269d2ffce79ad3eb3f33088fa22258cb07a6ee9b7c19f147c17d9
        • Instruction Fuzzy Hash: F9A15B72205B4486EB6B8B27E8947EA37A1F74DB94F540116EB9A877F5DB38C880C740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 29d46daecfd6c1ab94754c8e42f08b483b4b7ad33dcc187a5e2b26371c78edb2
        • Instruction ID: 0e045dce7a7ac05f1727797ea70e3533dc301ca18eb65ea9c70cbd7f7ed64eab
        • Opcode Fuzzy Hash: 29d46daecfd6c1ab94754c8e42f08b483b4b7ad33dcc187a5e2b26371c78edb2
        • Instruction Fuzzy Hash: 02917C32205B4486FB6B8B27E9847EA27A2F74DBE4F540116FB5947AF5DB38C881C740
        APIs
        Similarity
        • API ID: CountTickWindow$ClipboardCloseForegroundGlobalIconicMessagePeekShowUnlockVisible
        • String ID:
        • API String ID: 1891409732-0
        • Opcode ID: 474db3361d6cb00c851422da59491b9fe19f6d6e608f2924dd988dc52ddf978d
        • Instruction ID: 108dd4720717dc297064358b89f323d10a91c8bb459f775f1ed9779adc1728a3
        • Opcode Fuzzy Hash: 474db3361d6cb00c851422da59491b9fe19f6d6e608f2924dd988dc52ddf978d
        • Instruction Fuzzy Hash: 1B915B32605B4486FB6B8B26E9847EA27A1F74DBE4F140216EB59477F5DB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 7282b611e91975fc39ddc2a89ade70938e04e85031ca618922a3173ec0b826eb
        • Instruction ID: 78785c3cbe08bfba237a871a8be01342995a798ea286aa3158a64a0582c0db41
        • Opcode Fuzzy Hash: 7282b611e91975fc39ddc2a89ade70938e04e85031ca618922a3173ec0b826eb
        • Instruction Fuzzy Hash: 8D916E72605B4486FB6B8B27E8847EA37A1F74DBD4F140116EB99876F5DB38C880C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 097400ee377d71015732fe70d44ad5a25a5464047df3ee7aac297d07749a10d9
        • Instruction ID: 24258ca19ae4cc376ea46207ffc257fe1ddea7c0f722d8a74cb40f6ec1306204
        • Opcode Fuzzy Hash: 097400ee377d71015732fe70d44ad5a25a5464047df3ee7aac297d07749a10d9
        • Instruction Fuzzy Hash: 37916C32605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB99876F5DB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 20937d07b7ec443d1290ccb3687e343834777417b315d4c58962611b6f3c9465
        • Instruction ID: 9ede9284b01ad9c54fa9553e724d8f5eaf42f20ea0b45159e10fb819c5f11bf2
        • Opcode Fuzzy Hash: 20937d07b7ec443d1290ccb3687e343834777417b315d4c58962611b6f3c9465
        • Instruction Fuzzy Hash: 0F916D32605B4486FB6B8B27E9847EA37A1F74DBE4F540116EB59876F5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 89bed825c10a8107c2bdd71ce8bdbcd5eda30dcc88ab4f522c63f73569ed4c61
        • Instruction ID: 8d5b52684aa429c7ee70d31da494f3550016cab0babc622c643ff50bf017b42f
        • Opcode Fuzzy Hash: 89bed825c10a8107c2bdd71ce8bdbcd5eda30dcc88ab4f522c63f73569ed4c61
        • Instruction Fuzzy Hash: C8819232604B4486FB6B8B27E9847EA37A1F74DBD4F540116EB59876F5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 13c65b8809adb2771ee3ee3802194ef110178492ea5e1fd7a7bb93b5b5393b89
        • Instruction ID: 44bea928dbf1d718e2dcfe6261f4a1a9470d8100de863f413b05a363a9f97bca
        • Opcode Fuzzy Hash: 13c65b8809adb2771ee3ee3802194ef110178492ea5e1fd7a7bb93b5b5393b89
        • Instruction Fuzzy Hash: 9E819F32605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB5987AF5CB38C881C740
        APIs
        Similarity
        • API ID: CountInternetTick$CloseOpen$ClipboardGlobalHandleMessagePeekUnlock_wcstoi64
        • String ID:
        • API String ID: 2751744677-0
        • Opcode ID: 294336bac3d7c789dc46a71d9fc15464a765e6c2eabe80b3a43f82402f17de1c
        • Instruction ID: 59822f3d5b07b7ced912f3e283c707f6eeb56b668b6f5dfc93c5f8bd2cf687a7
        • Opcode Fuzzy Hash: 294336bac3d7c789dc46a71d9fc15464a765e6c2eabe80b3a43f82402f17de1c
        • Instruction Fuzzy Hash: E0817E72605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB59876F5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
        • String ID:
        • API String ID: 4284707085-0
        • Opcode ID: efb604493175c8fb7e7ff0e03cb91f20f8723b5744976cdd8e6ada504cb0779b
        • Instruction ID: 36d95e66d007a8a1702a47698cd9b2a5230d39607dfe82fb474ea644de980a3e
        • Opcode Fuzzy Hash: efb604493175c8fb7e7ff0e03cb91f20f8723b5744976cdd8e6ada504cb0779b
        • Instruction Fuzzy Hash: 1B818E32605B4086FB6B8B27E9847EA37A1F74DBE4F540116EB5947AF5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 123a06987ecf8c68c36598631fe68ac086bdb585f4291db41096250623765460
        • Instruction ID: d372c14478e038978bf52c0b34d9c52277e846fd01df17490c32a7e7b1a393da
        • Opcode Fuzzy Hash: 123a06987ecf8c68c36598631fe68ac086bdb585f4291db41096250623765460
        • Instruction Fuzzy Hash: A0819F32605B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5A876F5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalKeyboardLayoutMessagePeekUnlock
        • String ID:
        • API String ID: 2243892272-0
        • Opcode ID: 1901fdd2645866d56a98b11b3b4c0bb1e7609c20aa904f69cdda5b055c0becaf
        • Instruction ID: c96983479b17fdde475b0f50e44497174fa8529c2231265a3e3e9b4271bfab20
        • Opcode Fuzzy Hash: 1901fdd2645866d56a98b11b3b4c0bb1e7609c20aa904f69cdda5b055c0becaf
        • Instruction Fuzzy Hash: 6C817E32605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB59876F5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 6d056b46ac2f48d444ca0ef7efcdfc88a25621fc441d703d756864a16657adbd
        • Instruction ID: 5cf0ce040c48bd4e97a3c20b0c30d7139442da201f03fc45af4066b4fa01dbfd
        • Opcode Fuzzy Hash: 6d056b46ac2f48d444ca0ef7efcdfc88a25621fc441d703d756864a16657adbd
        • Instruction Fuzzy Hash: 60817E32605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB5987AF5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: cfb7359b5f75b4019ebd8be0a8b89bbec5e4653d2b16b609817c35d838be6548
        • Instruction ID: 5e2923f897fe513f2e3a7ab9933315d18b27bae760ae73d00eaa2373f2707fc5
        • Opcode Fuzzy Hash: cfb7359b5f75b4019ebd8be0a8b89bbec5e4653d2b16b609817c35d838be6548
        • Instruction Fuzzy Hash: F6819032604B4486FB6B8B27E9847EA37A1F74DBE4F140116EB5947AF5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 8bd50bdc9f44a6e81e26301daec8a8591ef9c6b9d41d691b31a5051d0f2cbb18
        • Instruction ID: a8d325e737a768574cd6545b6052048c37d5ca1428fe52325d3bd1e965384067
        • Opcode Fuzzy Hash: 8bd50bdc9f44a6e81e26301daec8a8591ef9c6b9d41d691b31a5051d0f2cbb18
        • Instruction Fuzzy Hash: 6481AF32604B4486FB6B8B27E8847EA37A1F74DBE4F140116EB5987AF5CB38C881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 10b5a820dcae4762e7fec9a5713a5cc860debfb8a06dee147a4ccc748156b657
        • Instruction ID: cab89d96ecfced6d3122158effd6b8ee9174d2f78fc40e5ec4ef27a80affa3ab
        • Opcode Fuzzy Hash: 10b5a820dcae4762e7fec9a5713a5cc860debfb8a06dee147a4ccc748156b657
        • Instruction Fuzzy Hash: 4D818032605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB5947AF5CB38D881C740
        APIs
        Similarity
        • API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
        • String ID:
        • API String ID: 1623861271-0
        • Opcode ID: 5310c27edf3264255273b9b238ebac3364617d6b5671075f11a92825f77b75ae
        • Instruction ID: 9352bc3e8c24dcb03e778793e608d2337ff5949a586c76a5c309c754917cbfc7
        • Opcode Fuzzy Hash: 5310c27edf3264255273b9b238ebac3364617d6b5671075f11a92825f77b75ae
        • Instruction Fuzzy Hash: 65818032605B4486FB6B8B27E9847EA37A1F74DBE4F140116EB5947AF5CB38D881C740
        APIs
        • _getptd.LIBCMT ref: 00000001400CE1A3
          • Part of subcall function 00000001400CE878: _amsg_exit.LIBCMT ref: 00000001400CE88E
          • Part of subcall function 00000001400CDDC0: _getptd.LIBCMT ref: 00000001400CDDCA
          • Part of subcall function 00000001400CDDC0: _amsg_exit.LIBCMT ref: 00000001400CDE67
          • Part of subcall function 00000001400CDE7C: GetOEMCP.KERNEL32 ref: 00000001400CDEA6
          • Part of subcall function 00000001400D0A90: malloc.LIBCMT ref: 00000001400D0ABB
          • Part of subcall function 00000001400D0A90: Sleep.KERNEL32(?,?,00000000,00000001400CF2FD,?,?,?,00000001400CF3A7,?,?,00000000,00000001400CE795,?,?,00000000,00000001400CE84C), ref: 00000001400D0ACE
        • free.LIBCMT ref: 00000001400CE22E
          • Part of subcall function 00000001400CB13C: HeapFree.KERNEL32(?,?,00000000,00000001400CE860,?,?,00000000,00000001400CE883,?,?,?,00000001400CA7AB,?,?,00000000,00000001400CFD3B), ref: 00000001400CB152
          • Part of subcall function 00000001400CB13C: _errno.LIBCMT ref: 00000001400CB15C
          • Part of subcall function 00000001400CB13C: GetLastError.KERNEL32(?,?,00000000,00000001400CE860,?,?,00000000,00000001400CE883,?,?,?,00000001400CA7AB,?,?,00000000,00000001400CFD3B), ref: 00000001400CB164
        • _lock.LIBCMT ref: 00000001400CE25E
        • free.LIBCMT ref: 00000001400CE301
        • free.LIBCMT ref: 00000001400CE32D
        • _errno.LIBCMT ref: 00000001400CE332
        Similarity
        • API ID: free$_amsg_exit_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
        • String ID:
        • API String ID: 3894533514-0
        • Opcode ID: 109706b8a66771fc516ae501ca6e0cea2c3d92e95fc340ac98deb16d56ffc451
        • Instruction ID: ce9c465b5f9671af8fabbfb1ec33ac92ab35e6e81bac7191a63f217f3f5ab8f5
        • Opcode Fuzzy Hash: 109706b8a66771fc516ae501ca6e0cea2c3d92e95fc340ac98deb16d56ffc451
        • Instruction Fuzzy Hash: E7516A326087C086E76A9B26A4503ED7BA5F78CBD4F584116EB5A477F6CB38C442C701
        APIs
        Similarity
        • API ID: MessageSend$Window$PointsRect
        • String ID:
        • API String ID: 467674420-0
        • Opcode ID: 0b0b22af914a2d0afc4da98d83331fd535dbec743a4d1b94c18d9b66846e12a3
        • Instruction ID: 59eaf44d3465d8b35417c64751a2ed678019201740f9ddbd26216175fbe25e1a
        • Opcode Fuzzy Hash: 0b0b22af914a2d0afc4da98d83331fd535dbec743a4d1b94c18d9b66846e12a3
        • Instruction Fuzzy Hash: B2316F7221458486E7658B26E454BE96361F38CBA8F248315EBB947EE4CB3CC985DB00
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: DisplayEnumMonitors
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 2950131505-457448710
        • Opcode ID: a6169deb700a0e06f37d64f9ab29cc62b220a76634873c38644ab5e33e9c4608
        • Instruction ID: 96d1a0763dbeee97bcac7c2d280f6e143df5d11a56b7374a967e5be6b0df98fa
        • Opcode Fuzzy Hash: a6169deb700a0e06f37d64f9ab29cc62b220a76634873c38644ab5e33e9c4608
        • Instruction Fuzzy Hash: 0C910333704A4485FB53CB26E5053E963A5E74CBE8F944226EF1D076E5EB7AC986C340
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: DisplayEnumMonitors
        • String ID: %sBottom$%sLeft$%sRight$%sTop
        • API String ID: 2950131505-791481470
        • Opcode ID: 1b9fb7368a7a5ec7767aa46219a4a426b4fea46ff8534c9f762eca01c8b13fa5
        • Instruction ID: 6104fbdd180b1ebbca2dd57d5ea3ef4db4be125a42b8e785361d8841bedf7361
        • Opcode Fuzzy Hash: 1b9fb7368a7a5ec7767aa46219a4a426b4fea46ff8534c9f762eca01c8b13fa5
        • Instruction Fuzzy Hash: E991C232315A4596EB26DF62A8503EE67A0F78CBC8F84411AFB4D177A9DB38CA05C740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _ui64towx64tow
        • String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
        • API String ID: 1462570195-457448710
        • Opcode ID: 7c0da6fabf652102797557f9628538cc1f138ae57cd20c1162d02663d21464b3
        • Instruction ID: e1e60c201c17dd59cff7637964c0dd54fa8a0926c9b49d58692abcb5b6801267
        • Opcode Fuzzy Hash: 7c0da6fabf652102797557f9628538cc1f138ae57cd20c1162d02663d21464b3
        • Instruction Fuzzy Hash: 2091DFB2604F8081EB62DF66D4443D963B2E79CBD8F548212EB5E17AE9DB78C842C700
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID:
        • String ID: 0
        • API String ID: 0-4108050209
        • Opcode ID: ecd6a1a0488ee25ef857c356cbce38797bf3ad880ef3e3f6284c6a284c5b08ce
        • Instruction ID: df47dac0959f8134fbde6b7bf792d9b721d089bc68ee7e9e8f38af09b3997321
        • Opcode Fuzzy Hash: ecd6a1a0488ee25ef857c356cbce38797bf3ad880ef3e3f6284c6a284c5b08ce
        • Instruction Fuzzy Hash: 7571DE32601A1582EF669B1796987FE6395F78CBE4F898025FF49477F5DB38C8828304
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: LongWindow_errno_invalid_parameter_noinfo
        • String ID: 0x%08X$Memory limit reached (see #MaxMem in the help file).
        • API String ID: 2099978093-1054076255
        • Opcode ID: e4935590cbc62a702f174648dc692bf73cee3755c9a1e52cea24068a89b4d623
        • Instruction ID: af5fdc5f26cf2f9e228e43a7565cac3d066cbcd2e19132fa692e3dbde0dfaddd
        • Opcode Fuzzy Hash: e4935590cbc62a702f174648dc692bf73cee3755c9a1e52cea24068a89b4d623
        • Instruction Fuzzy Hash: 0061B132205AC085EB239F26D4153E86762F74DBE8F544212FB6E176FADB78C985C341
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _getptd$CallTranslator_amsg_exit
        • String ID: MOC$RCC
        • API String ID: 1374396951-2084237596
        • Opcode ID: f0490d82c3152d226713c68da8ad3ed72ecbe5da1afd90ea43171ad09c610d99
        • Instruction ID: 618cddc3978ddaf1eda6e7762d9c092d86c6106030b4caabdf5e1d2aa95b0d50
        • Opcode Fuzzy Hash: f0490d82c3152d226713c68da8ad3ed72ecbe5da1afd90ea43171ad09c610d99
        • Instruction Fuzzy Hash: 2E61AF72204AC196EF21DF06E1843EDB3A1FB89BD8F444526FB8E436A9DB78C156C710
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSendTextWindowfree
        • String ID: $.
        • API String ID: 1940615249-3929174939
        • Opcode ID: ef4354657f3a90f0dddbe7cf17e695981790e630a7beee99e456c061524a9924
        • Instruction ID: d88c4c12fb166030a45d8ba9f873245aa0f10129152134ecffbe905dc60b18a5
        • Opcode Fuzzy Hash: ef4354657f3a90f0dddbe7cf17e695981790e630a7beee99e456c061524a9924
        • Instruction Fuzzy Hash: E651AD77A0565081FBBA5B07A6907FA73A1B72D7E0F544317FF66076F4EA38CA818201
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CloseHandleInfofree
        • String ID: %s (%d) : ==> Warning: %s$This variable has not been assigned a value.
        • API String ID: 3828278840-1383411024
        • Opcode ID: 1e6362a6c0a85336ba1fe3f2ae1b3fbafeb69316f478db661aee68edd0b1e3fc
        • Instruction ID: fb0eac697b5f55007fa4abc33d582baeb4f189838cc25100ec0d8e8fa4020945
        • Opcode Fuzzy Hash: 1e6362a6c0a85336ba1fe3f2ae1b3fbafeb69316f478db661aee68edd0b1e3fc
        • Instruction Fuzzy Hash: 0B413636B10B608AE711DFA6D8447DD37B5F708BB8F150319EE6927AE8CB74894AC740
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: CloseOpenQueryValue
        • String ID: InstallDir$SOFTWARE\AutoHotkey
        • API String ID: 3677997916-1488329376
        • Opcode ID: b466d426b49704074212477563699983142115fa842fe7501527ebdb8d9179d4
        • Instruction ID: c4cef63d70eccadabbb6e46286a49b338ab0521d67edae509f39682bae8ba37a
        • Opcode Fuzzy Hash: b466d426b49704074212477563699983142115fa842fe7501527ebdb8d9179d4
        • Instruction Fuzzy Hash: 2131B772718B8581EB75CB16F0947AE7360F788BA4F445218EF4D03B68EB79C544EB44
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$Window$ClientCreateDestroyIconLongObjectRectReleaseSelect
        • String ID: Can't create control.$static
        • API String ID: 95896621-3511495095
        • Opcode ID: b9c9e5cf28bbfc12fa7f1ded94f36d5b7ba181e00f6f085c62c93e8a6c72827b
        • Instruction ID: 586b41cfcac70b225bb06d45e52b89bd9bc2ab7f57b92327c33eb7e6637d0895
        • Opcode Fuzzy Hash: b9c9e5cf28bbfc12fa7f1ded94f36d5b7ba181e00f6f085c62c93e8a6c72827b
        • Instruction Fuzzy Hash: 4D311872705B808AEB52CF2AE8807D977A1F78C798F148026EF4D57B68DB38C945CB00
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$Window$ClientCreateLongObjectRectReleaseSelect
        • String ID: Can't create control.$SysLink
        • API String ID: 2656910855-3028581624
        • Opcode ID: 187dacbb8b5fff3ff1a32d70668f6491b4fea5f9171416759f30824f2cabf329
        • Instruction ID: 2cfabf15e7c1e96764ab6fee26cfd8654ef4d23826f6ae420ef9f437b0e89eaa
        • Opcode Fuzzy Hash: 187dacbb8b5fff3ff1a32d70668f6491b4fea5f9171416759f30824f2cabf329
        • Instruction Fuzzy Hash: 9B21F576615B448AE752CF2AE8847D9B3A0F74C798F144026EF4D97B78DB38C985CB00
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$Window$ClientCreateLongObjectRectReleaseSelect
        • String ID: Can't create control.$static
        • API String ID: 2656910855-3511495095
        • Opcode ID: 74a460700f89ba3631fccc509e9a503001f12f21eafbafbeaf1e3d31e356fc6d
        • Instruction ID: 24443537530292a5bba8a5bbc44f5f6151a38f243848a12f11cb1f8d14d4f26f
        • Opcode Fuzzy Hash: 74a460700f89ba3631fccc509e9a503001f12f21eafbafbeaf1e3d31e356fc6d
        • Instruction Fuzzy Hash: 9521F576605B448AE752CF2AE8847D9B3A0F74C7A4F044026EF4D57B78DB38C985CB40
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Global$AllocFreeLock
        • String ID: GlobalAlloc$GlobalLock
        • API String ID: 1811133220-3672399903
        • Opcode ID: 8f22c79f6ff120e713cba6eef59eb92bb55781e15e9997acd70aed08b5eb5b7b
        • Instruction ID: cfcc7725783d3f4ebcc837005b3bde5563758961b10d454640ff62f38f04c752
        • Opcode Fuzzy Hash: 8f22c79f6ff120e713cba6eef59eb92bb55781e15e9997acd70aed08b5eb5b7b
        • Instruction Fuzzy Hash: 1B117CB1601B4180EF4ACF2AF4953D963A1EB5CBD4F488026EB0D57375EE38C895C780
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: IsHungAppWindow$user32
        • API String ID: 1646373207-934392274
        • Opcode ID: 79ec18cd1f680e3375ba6980ca63f5e8a7abe44e8477829b0f09d8bf2ef3148d
        • Instruction ID: f93818421c4755a5979725df5a17ac61cb9549587fe780a3e60af5a008abf7a4
        • Opcode Fuzzy Hash: 79ec18cd1f680e3375ba6980ca63f5e8a7abe44e8477829b0f09d8bf2ef3148d
        • Instruction Fuzzy Hash: 85116171611B4082FF56CFA6B85179A27A0AB8C795F481024FF0E57770EB3CC9949740
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: From$CreateInstanceString$Prog
        • String ID:
        • API String ID: 3834119650-0
        • Opcode ID: 61031ba02ab02c2ce1f3a224b7187c486455ee52ea18fdb3234dfc2014831d33
        • Instruction ID: 23b2d654c57cc6e0fc67192e4f5bcbdb9c33aa0a897bf8a07065a27dbdc390f4
        • Opcode Fuzzy Hash: 61031ba02ab02c2ce1f3a224b7187c486455ee52ea18fdb3234dfc2014831d33
        • Instruction Fuzzy Hash: 3A516A37215B4586EB66CF27E0147E937A1F788BC4F849026EB4907BA9EF78C644CB50
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$lstrcmpi
        • String ID:
        • API String ID: 2977491028-0
        • Opcode ID: 9bce079cc20f1bcf9d1422d9de44bf83f4e7d442afdd32916aa2e3bbe7eec63d
        • Instruction ID: 9d4538e7ea393475f8f0eca14e56e09922df181b40cfccdc9911cea4f57f5e8e
        • Opcode Fuzzy Hash: 9bce079cc20f1bcf9d1422d9de44bf83f4e7d442afdd32916aa2e3bbe7eec63d
        • Instruction Fuzzy Hash: 02512D76608E8087E7729F36E4003FA63A1F7897E4F654212EBA747AE4DF78D4459700
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: _errnomalloc$AllocHeap_callnewhfree
        • String ID: ,$Out of memory.
        • API String ID: 801159779-2084262015
        • Opcode ID: 39c7bdd641382003473a023146e476accbbc6efc536198e0aabeaef59b00f238
        • Instruction ID: f0bdb3a6ac0edf0eb3f6e3df36ed78b83a06a650254888ccf9f0234c1c38cfc0
        • Opcode Fuzzy Hash: 39c7bdd641382003473a023146e476accbbc6efc536198e0aabeaef59b00f238
        • Instruction Fuzzy Hash: 16516772A01B41CAEB66DF16D0803AD37B1F748F88F458526EF49033A9EB79D891C748
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: Window$EnabledRectVisible
        • String ID:
        • API String ID: 2297660776-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: IconImageList_$DeleteDestroyMaskedObjectReplaceSize
        • String ID:
        • API String ID: 1613341713-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: File$CloseCreateErrorHandleLastWritefree
        • String ID:
        • API String ID: 2877028684-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ArraySafe$BoundData$AccessElemsizeUnaccessmalloc
        • String ID:
        • API String ID: 3034385915-0
        APIs
        • DecodePointer.KERNEL32(00000000,?,?,00000001400CB2D5,?,?,?,?,00000001400CBDDB), ref: 00000001400CB1E9
        • DecodePointer.KERNEL32(?,?,?,?,00000001400CBDDB), ref: 00000001400CB1F9
          • Part of subcall function 00000001400CD85C: _errno.LIBCMT ref: 00000001400CD865
          • Part of subcall function 00000001400CD85C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CD870
        • EncodePointer.KERNEL32(?,?,?,?,00000001400CBDDB), ref: 00000001400CB277
          • Part of subcall function 00000001400D0B94: Sleep.KERNEL32(?,?,?,?,?,?,00000000,00000001400CB267,?,?,?,?,00000001400CBDDB), ref: 00000001400D0BDB
        • EncodePointer.KERNEL32(?,?,?,?,00000001400CBDDB), ref: 00000001400CB287
        • EncodePointer.KERNEL32(?,?,?,?,00000001400CBDDB), ref: 00000001400CB294
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinfo
        • String ID:
        • API String ID: 3588582179-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Enum$CloseDeleteOpen
        • String ID:
        • API String ID: 2095303065-0
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: CountTick$KillTimerwcsncpy
        • String ID: call
        • API String ID: 2737708082-3431870270
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: DebugOutputString
        • String ID: Specifically: %s$%s (%d) : ==> Warning: %s$static
        • API String ID: 1166629820-2897262835
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ClassMessageNameSendTimeout
        • String ID: Combo$List
        • API String ID: 1632441287-1246219895
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Window$CountForegroundTextTick
        • String ID: N/A
        • API String ID: 3416458291-2525114547
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ClassMessageNameSendTimeout
        • String ID: Combo$List
        • API String ID: 1632441287-1246219895
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno$_invalid_parameter_noinfo
        • String ID: 1
        • API String ID: 2819658684-2212294583
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: DeleteDestroyIconInfoItemMenuObject
        • String ID: P
        • API String ID: 2083505926-3110715001
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: _errno$_getptd_invalid_parameter_noinfoiswctype
        • String ID:
        • API String ID: 2104083562-0
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: ArraySafe$CreateDestroy_wcstoi64
        • String ID:
        • API String ID: 2980161006-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: DecodePointer_errno_invalid_parameter_noinfo_lock
        • String ID:
        • API String ID: 27599310-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        Similarity
        • API ID: Rect$Window$IntersectParent
        • String ID:
        • API String ID: 3824346474-0
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3395015508.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
        • Associated: 00000000.00000002.3395001386.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395079548.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395079548.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395118774.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395118774.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395147142.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395163641.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
        • Associated: 00000000.00000002.3395176494.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_140000000_ftFxGrU7W4.jbxd
        Similarity
        • API ID: MessageSend$Color
        • String ID:
        • API String ID: 3922397608-0
        Similarity
        • API ID: Object$Delete$IconInfo
        • String ID:
        • API String ID: 507670407-0
        Similarity
        • API ID: Windowfree$LongTextmalloc
        • String ID:
        • API String ID: 1796630370-0
        Similarity
        • API ID: InfoItemMenufreemalloc
        • String ID: P
        • API String ID: 2847912382-3110715001
        Similarity
        • API ID: wcsncpy
        • String ID: This line does not contain a recognized action.${
        • API String ID: 322933527-101845141
        Similarity
        • API ID: _set_statfp
        • String ID: !$atan
        • API String ID: 1156100317-1342027943
        Similarity
        • API ID: Caps
        • String ID: 4
        • API String ID: 130273448-4088798008
        Similarity
        • API ID: _itow
        • String ID: UTF-16$UTF-8
        • API String ID: 1169376501-557455392
        Similarity
        • API ID: _errno_invalid_parameter_noinfo
        • String ID: B
        • API String ID: 2959964966-1255198513
        Similarity
        • API ID: _errno_invalid_parameter_noinfo
        • String ID: B
        • API String ID: 2959964966-1255198513
        Similarity
        • API ID: Time$File$LocalSystem
        • String ID: %04d%02d%02d%02d%02d%02d
        • API String ID: 1748579591-4847443
        Similarity
        • API ID: MenuWindow$InfoItem$RedrawVisible
        • String ID: P
        • API String ID: 4094535373-3110715001
        Similarity
        • API ID: SystemTime
        • String ID: %04d%02d%02d%02d%02d%02d
        • API String ID: 2656138-4847443
        Similarity
        • API ID: ClassNameProcessThreadWindow
        • String ID: #32770
        • API String ID: 2910564809-463685578
        Similarity
        • API ID: Stringwcsnlen
        • String ID: Link Source
        • API String ID: 1747122221-2774405599